Last Updated: 07-Nov-2014
We, at SilverWiz, are aware of the trust that you place in us and our responsibility to keep your data secure. SYNCbits is built with industry-standard security practices and employs strict policies to protect your data.
SYNCbits is a technology that allows apps to synchronize data over the cloud. To achieve that, SYNCbits takes care of data upload, data storage and data distribution between a customer’s devices, keeping the data safe and protected through the entire process. This article explains how SYNCbits keeps your personal information and data secure.
SYNCbits secures data by encrypting it with a minimum of 128-bit AES encryption at all times - both when it is sent over the internet and when it is kept on our servers - and by using secure tokens for authentication and for accessing the data. This means that your data is protected both while being transmitted and when it is stored in the cloud. The system is built in such a way that it is not possible to obtain the encryption key for any user’s data without his/her password or answers to two (out of two) security questions.
SYNCbits is built from the start to handle sensitive data. The data is strictly divided into two parts - metadata and contents.
SYNCbits metadata is the minimum information required to achieve successful communication between mobile and desktop devices. It includes:
- timestamps of when data was transmitted
- sender device’s unique identifier
- type of data
This is the information about what is being transmitted, when and by whom. It allows any device to send only the new data and any other device to request only the new data for download, thus reducing the amount of data being transmitted to an absolute minimum.
The contents of your data are strictly encrypted with a minimum of 128-bit AES encryption. The size of the encryption key varies for added security. The encryption keys are also encrypted with each user’s password and security answers. This means that if you have an account with SYNCbits and you lose both your password and security answers, we can’t help you recover your data.
We do not keep any personally identifiable data unencrypted or encrypted with a static key. All of the information is dispersed onto multiple servers and no server stores a complete set of data for any user.
Transmitting data over the internet has proven to be a weak spot for many services, so we took extra measures to reinforce this side of our service. We work on a triple-encryption model, which means that your data gets encrypted in 3 different ways before it is sent to our servers.
In the first level we take care of encrypting the contents of your data. We do that in the same way that is used when storing the contents on our secure servers.
In the second level we encrypt everything that we are going to store on our servers - this time including both the metadata and the contents. This means that at this point, the content is encrypted twice.
In the third level, a secure, short-lived token is issued from our servers to provide a key used for encrypting the entire communication between your devices and our servers. Encrypting the entire communication means that at this point the metadata is encrypted twice and the content is encrypted three times.
We are also using an SSL certificate.
Balancing security and convenience
We encourage you to use a strong password and we provide you with feedback about how strong your password is. Passwords are categorized as weak, medium and strong, and the strength of your password is determined as you type. On the other hand, we are not sacrificing your convenience by requiring lengthy passwords and special characters - this is up to you. Our message is: use the strongest password you can remember. If your password is too difficult to remember and you have to write it down somewhere, we cannot guarantee the security of that place and the password can get stolen from it. Try to use the same principles that you apply for password strength when you enter the answers to your security questions - they are just as important when it comes to protecting your data.
Using SYNCbits data
As a user of SYNCbits, when creating an account you are required to provide us with an email address, a password and answers to two security questions. The passwords and the security answers are stored encrypted using a proprietary algorithm with multiple keys and levels of encryption. These three parameters of your account information are the most safely guarded items stored on our servers.
Your email is stored differently. We need your email address so that we can notify you when the servers need to undergo maintenance involving more than 10 minutes of downtime. The email addresses are also encrypted, with a key stored on a different server, and we change that key once every hour.
We also collect data that is not personally identifiable, including:
- unique device identifiers
- device type
This information is used internally for important statistics - we check the actual number of requests to our servers against an estimated number of requests based on the number of currently active devices and their types. This way we can detect an unexpected increase or decrease in the communication and detect issues before they present.
None of the data that you transmit and store using SYNCbits is shared with 3rd parties.
SYNCbits provides a military-grade type of protection, designed with complexity in mind. That added complexity presents additional obstacles to 3rd parties with malicious intent.