Because confidentiality is cornerstone to our service, we have implemented several layers of security to protect your data. Here is a list of what we do to keep your data safe:
– We use the AES_256 algorithm which is a data/file encryption technique that uses a 256-bit key to encrypt and decrypt data or files. It is one of the most common and reliable encryption method.
– All sensitive data are encrypted at rest and in transit, meaning for storage and while being transmitted over the network.
– Your documents and encryption keys go through 3 different rounds of encryption, with a different algorithm each time.
– During the upload process, your documents are split in various file chunks of random size, each file is stored in a different location picked randomly, with an encoded filename, and a different encryption key for each chunk.
– For plans with the ‘enhanced security’ option, your documents are also protected by an additional layer through a Question/Answer capability that is the last security barrier. See a specific FAQ entry on this topic.
– We use quality SSL certificates to encrypt data transmitted over the network between your device and our servers.
– We keep an audit trails of all changes happening to your account settings (account, files, contacts, schedule).
– We keep an audit trail of all access to your documents stored on our servers (who, what, when).
– Documents life-cycle (upload, download and delete) are managed through a relay server preventing direct access to your documents.
– Strong password and 2FA authentication is offered to all users of our service. All platform administrative accounts use 2 FA. See specific 2FA FAQ topic for more information. We highly recommend you set up 2FA to strengthen the security of your account.
– We perform daily backups of the platform and we keep them for a month, then keep a monthly backup, and finally an annual one.
– We replicate all your documents to another regional data center to prevent risk of local ‘disaster’.
– Firewall, malware protection and real-time threat prevention software run on our website, with daily reports.
– We analyze user behaviors to alert on suspicious activity.
– Last but not least, we periodically work with ethical hackers that perform penetration testing on our web site, in order to identify potential security flaws.