We provide this overview so that you can better understand the security measures we've put in place to protect the information that you store using Secure Sypher.
We encrypt the files that you store on Secure Sypher using the AES-256 standard, which is the same encryption standard used by banks to secure customer data. Encryption for storage is applied after files are uploaded, and we manage the encryption keys.
Secure Sypher uses Amazon S3 for data storage. Amazon stores data over several large-scale data centers. According to Amazon, they use military-grade perimeter control berms, video surveillance, and professional security staff to keep their data centers physically secure.
You can find more information about Amazon's security at the Amazon Web Services web site.
Amazon and Secure Sypher also employ significant protection against network security issues such as Distributed Denial of Service (DDoS) attacks, Man in the Middle (MITM) attacks, and packet sniffing.
Your files are sent between your web browser and our servers over a secure channel using 256-bit SSL (Secure Sockets Layer) encryption, the standard for secure Internet network connections. Once we have mobile apps or other ways for you to acces your files, those access points will also be secured using 256-bit SSL. Your files will never be transmitted by Secure Sypher over a non-encrypted channel.
Secure Sypher and Amazon keep redundant backups of all data over multiple locations to prevent the remote possibility of data loss. In the unlikely event that this redundancy were to fail, you should continue to keep a local copy of all of your files.
A copy of our full privacy policy can be found at: secure.sypher.com/privacy.
We guard your privacy to the best of our ability and work hard to protect your information from unauthorized access.
Sypher Technology employees are prohibited from viewing the content of files you store in your Secure Sypher account, and are only permitted to view file metadata (e.g., file names and locations). Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so). But that's the rare exception, not the rule. We have strict policy and technical access controls that prohibit employee access except in these rare circumstances.
As set forth in our privacy policy, and in compliance with United States law, Sypher Technology cooperates with United States law enforcement when it receives valid legal process, which may require us to provide the contents of your Secure Sypher files. In these cases, we will remove our encryption from the files before providing them to law enforcement.
Secure Sypher applies encryption to your files after they have been uploaded, and we manage the encryption keys. Users who wish to manage their own encryption keys can apply encryption before uploading files to Secure Sypher. Doing so will make it impossible for us to recover your data if you lose your encryption key.
We take a number of measures to ensure that the data you store on Secure Sypher is safe and secure. While we're very confident in our technology, we recognize that no system can guarantee data security with 100% certainty. For that reason, we will continue to innovate to make sure that our security measures are state of the art, and we will investigate any and all reported security issues concerning our services or software. For a direct line to our security experts, report security issues to support@sypher.com.