+ Add Suggestion

Encryption of To-Do's

TC

For businesses dealing with sensitive information, it would be helpful to have encryption not only when communicating with the server but also in storage on the server so that maintenance people cannot accidentally see attachments, details, etc.

I'm a lawyer and have to use client numbers and refrain from attaching anything in order to stick to my professional code of ethics. (even with the coding and refraining from including detail in my tasks, though, this has made me much more efficient than I used to be!)

All responses

David Trey staff
Replied on May 30, 2013 - 06:58

Hello Travis,

This is already available. All files that you upload to your task list are encrypted on the server and additionally, it uses random paths so the URL to the encrypted file can't easily be accessed either.

The privacy and security of your data is our top priority and we use the highest security standards both on our end and on the end of our host - Amazon Web Services - one of the world's largest and most trusted services with dedicated encrypted file hosting servers.


Best regards,
David

P
pb
Replied on Feb 04, 2014 - 17:24

Could you elaborate on how the data is encrypted and who has access to it? I understand server-side encryption, so I take it that nobody without access to the servers can decrypt the data - but what about casual programmers? Are there any measures to keep them from accessing customer's files? Also what about the company itself? Of course this question is futile, but still: does anything prevent you from hoarding big data and profiling users?

Brendon Wadey staff
Replied on Feb 04, 2014 - 21:23

PD,

We have encryption going to and from the servers, SSL and such, and all the security is handled by AWS at that point. We don't really want to say exactly what our practices are, as then it's easier for people to figure out how, and then as you said, could cause trouble.

Though the truth is, if there are programmers that want to get access, it would be as hard to accomplish as any other modern site/service out there now. It would not be easy.

We ourselves also don't have access to the data, it's encrypted to us as well, with permission from the user, we can get bits and pieces, but mostly for information about the account, not the actual tasks/notes etc.

Regards,
Brendon.