Security Overview
We provide this overview so that you can better understand the security measures we’ve put in place to protect the information that you store using MyDocSafe.
Secure Storage
We encrypt the files that you store on MyDocSafe using the AES-256 standard, which is the same encryption standard used by banks to secure customer data. Encryption for storage is applied after files are uploaded.
MyDocSafe uses Amazon S3 for data storage using exclusively its data centres in Ireland for European users and a US data centre for the North American users. Amazon stores data over several large-scale data centres. According to Amazon, they use military grade perimeter control berms, video surveillance, and professional security staff to keep their data centres physically secure.
You can find more information about Amazon’s security at the Amazon Web Services’ website.
Amazon also employ significant protection against network security issues such as Distributed Denial of Service (DDoS) attacks, Man in the Middle (MITM) attacks, and packet sniffing.
Secure Transfers
Your files are sent between MyDocSafe’s desktop clients and our servers over a secure channel using 256-bit SSL (Secure Sockets Layer) encryption, the standard for secure Internet network connections.
Data sent using MyDocSafe email address is currently unencrypted, although we plan to add encryption in due course.
Your Data is Backed Up
Amazon keeps redundant backups of all data over multiple locations to prevent the remote possibility of data loss. You can set up a separate backup, should you so wish, by instructuring us to do so.
Privacy
We guard your privacy to the best of our ability and work hard to protect your information from unauthorised access.
MyDocSafe employees are prohibited from viewing the content of files you store in your MyDocSafe account, and are only permitted to view file metadata (e.g., file names and locations). Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so). But that’s the rare exception, not the rule. We have strict policy and technical access controls that prohibit employee access except in these rare circumstances.
Compliance with Laws and Law Enforcement
As set forth in our privacy policy, and in compliance with the law of United Kingdom, MyDocSafe cooperates with law enforcement agencies of the United Kingdom when it receives valid legal process, which may require MyDocSafe to provide the contents of your private MyDocSafe account. In these cases, MyDocSafe will remove MyDocSafe’s encryption from the files before providing them to law enforcement.
How to Add Your Own Layer of Encryption to MyDocSafe
MyDocSafe applies encryption to your files after they have been uploaded, and currently manages the encryption keys. Users who wish to manage their own encryption keys can apply encryption before placing files in their MyDocSafe. Please note that if you encrypt files before uploading them it will be impossible for us to recover your data if you lose your encryption key. Alternatively, uses can instruct MyDocSafe to issue them with their encryption keys, to keep them separate from the main server or to escrow them with a third party. To find out more please see our encryption key management service.
I think I’ve found a security exploit. Where do I report security concerns?
We take a number of measures to ensure that the data you store on MyDocSafe is safe and secure. While we’re very confident in our technology, we recognise that no system can guarantee data security with 100% certainty. For that reason, we will continue to innovate to make sure that our security measures are state of the art, and we will investigate any and all reported security issues concerning MyDocSafe’s services or software. For a direct line to our security experts, report security issues to daniel@MyDocSafe.com.
We will fully credit anybody whose reports lead to the improvement of MyDocSafe security. A list of those who have contributed reports leading to a bug or security issue can be published on our special ‘thank you’ page.