Securing our services and our user’s data is an integral part of our platform. In our digital era, nothing is more personal than our conversation channels. That’s why we are following all the current best practices to ensure a safe handling of your data. Here are some key aspects of our platform:
- We will never request or store your account credentials. Authentication is achieved through OAuth to trusted providers such as Google, Github, etc.
- After you authenticate we receive a token from those providers to represent your identity in our system. Tokens expire in short amounts of time and you can revoke them at any given moment in time through the settings of your provider and through our sign in service.
- All account information is encrypted with AES 128-bit keys.
- All data generated by a Sift are encrypted at rest with a set of rotating AES 128-bit keys.
Red Sift’s staff doesn’t have access to your data
- Red Sift’s staff doesn’t have access to your keys. We use encrypted JWT tokens.
- All the tokens we might generate internally for you are encrypted at rest.
- All communication runs through SSL/TLS to safeguard against man-in-the-middle attacks.
Updated less than a minute ago