What security measures are in place to protect data?

Because confidentiality is cornerstone to our service, we have implemented several layers of security to protect your data. Here is a list of what we do to keep your data safe:

– We use the AES_256 algorithm which is a data/file encryption technique that uses a 256-bit key to encrypt and decrypt data or files. It is one of the most common and reliable encryption method.

– All sensitive data are encrypted at rest and in transit, meaning for storage and while being transmitted over the network.

– Your documents and encryption keys go through 3 different rounds of encryption, with a different algorithm each time.

– During the upload process, your documents are split in various file chunks of random size, each file is stored in a different location picked randomly, with an encoded filename, and a different encryption key for each chunk.

– For plans with the ‘enhanced security’ option, your documents are also protected by an additional layer through a Question/Answer capability that is the last security barrier. See a specific FAQ entry on this topic.

– We use quality SSL certificates to encrypt data transmitted over the network between your device and our servers.

– We keep an audit trails of all changes happening to your account settings (account, files, contacts, schedule).

– We keep an audit trail of all access to your documents stored on our servers (who, what, when).

– Documents life-cycle (upload, download and delete) are managed through a relay server preventing direct access to your documents.

– Strong password and 2FA authentication is offered to all users of our service. All platform administrative accounts use 2 FA. See specific 2FA FAQ topic for more information. We highly recommend you set up 2FA to strengthen the security of your account.

– We perform daily backups of the platform and we keep them for a month, then keep a monthly backup, and finally an annual one.

– We replicate all your documents to another regional data center to prevent risk of local ‘disaster’.

– Firewall, malware protection and real-time threat prevention software run on our website, with daily reports.

– We analyze user behaviors to alert on suspicious activity.

– Last but not least, we periodically work with ethical hackers that perform penetration testing on our web site, in order to identify potential security flaws.

Category: Privacy and Security
Did you find this FAQ helpful?
Thumbs up icon 0
Thumbs down icon 0