SECURITY: FIRST AND ALWAYS

Your security is a fundamental concern for us.

 

For us at SEECURA, security is not an option but an absolute priority and an essential component of our platform at all levels. SEECURA entrusts your data to a Server with IaaS and IDS firewalls, as well as integrated security measures up to the login page.

From normal app and operating system patches to implementing 2FA logins for all users, security is treated and managed not as an add-on but as something that is critical to the way we operate. This ensures your peace of mind when using our app, which you expect to hold your sensitive data in total security.
SEECURA is secure and guarantees the highest existing IT security standards, assuring users that their information and data are always protected.
The first fundamental concept that SEECURA users must know is that our application does not hold their data.
SEECURA collects users’ orders and immediately transmits them using an HTTPS protocol (‘HyperText Transfer Protocol over Secure Socket Layer () to the final destination server.
This guarantees our users that, in the event of unauthorized access to the app, their information will not be visible in any way: simply because it is not there!
In other words, anyone who somehow manages to illegally access your phone and enter the SEECURA app, will see an anonymous list of Final Wishes without any content.
For this reason and to ensure the highest security standard, remote access to information and documents entrusted to SEECURA is not possible because it is not provided, not even for its author.
Once Final Wishes have been submitted, they cannot be recovered even by their owners who, should they wish to amend or review them, will have no other option than to cancel and resubmit them.
Based on the above, it is impossible for anyone who illegally accesses your phone and happens to find your access data on SEECURA, to view or act on your Final Wishes.

So where do we store the Final Wishes sent via SEECURA?
Your orders are stored in a Cloud (whose data we do not disclose for security reasons), in turn protected within a Server with the highest level of safe and anti-intrusions systems.

SEECURA'S CLOUD

SEECURA guarantees the highest security standard.

 

Our Cloud guarantees the highest security standards for the protection of stored information and against intrusion. Specifically:

Firewall
Each server used by SEECURA is equipped with a firewall that allows access only to specific ports necessary for application operation.
Access security
For our users, throttling SSH and SFTP logins is a simple but effective method of dealing with brute-force logon attacks.
Bot protection
Protection from traffic congestion caused by malicious bots, brute-force login attacks, and Denial-of-Service (DoS) attacks.
Database protection
By default, the database cannot be accessed remotely.
Application isolation
Each application is isolated from the rest, thus preventing application-level problems from compromising the entire server.
SSL certificates
Our servers provide all users with FREE Let’s Encrypt SSL certificates to ensure the security of application data in transit.
User role management
Primary account holders can set up custom server access lists to provide access to server functionality as and when needed.
Operating system security and patching
Our servers are powered by Debian, in part due to its powerful and fast patch management system. Teams of engineers regularly follow the Debian community to stay up to date on current issues/vulnerabilities, and patch customer servers as soon as the patch is available.
Compliance with GDPR
Our compliance with the requirements of the European Data Protection Regulation (GDPR), the Californian Consumer Privacy Act (CCPA) and the LGDP (Brazilian data protection law) is just another demonstration of our commitment to the security of customer data and of our large customer base around the world.
Two-factor authentication
Access to our platform is secured with industry standard two-factor authentication (2FA) to strengthen platform security and minimize unauthorized access incidents on user accounts.
End-to-end encryption
The platform is fully protected with end-to-end encryption which ensures that all data in transit is protected and encrypted with the HTTPS protocol, preventing access to data while being transferred between systems.
Access control for suspicious devices
There is a control system for all devices that try to access your account. If a device (or login attempt) is marked as “Suspicious”, you are notified by email, the login process is aborted, and appropriate actions are taken to verify identity.
Periodic security patches
We regularly deploy operating system patches and firmware updates on your server. This ensures a secure Managed Cloud server and avoids vulnerabilities.

IL SERVER

Everything is encrypted.

 

Our Cloud is stored inside a Server that uses server-side encryption to protect inactive data. Server-side encryption is applied only to object data, not object metadata. Using server-side encryption with customer-supplied encryption keys (SSE-C) allows the definition of your own encryption keys. With the encryption key provided as part of the request, Server handles encryption, writing to disks, and decryption when objects are accessed. Therefore, you need not keep any code to encrypt and decrypt the data. The only thing to do is to manage the encryption keys provided.

Our Server does not store the provided encryption keys. Instead, it stores an HMAC value of the encryption key with the introduction of a random salt to validate future requests. The HMAC value with the introduction of a salt cannot be used to derive the encryption key value or to decrypt the contents of the encrypted object. This means that if you lose the encryption key, you lose the object.

  • The ETag in the response is not the MD5 of the object data.
  • Manage the mapping yourself to keep track of the encryption key that was used to encrypt a particular object. Amazon S3 does not keep encryption keys. You are responsible for tracking each encryption key provided for each particular object.
  • If your bucket supports the Multiple Versions feature, each object version uploaded using this feature can have its own encryption key. The user is responsible for tracking each encryption key used for each particular object.
  • Since the user manages the encryption keys on the customer side, he also manages any additional safeguards, such as key rotation, on the customer side.

If the encryption key is lost, any GET request for a given object without the respective encryption key fails and the object is lost.

 

Download on the App Store Get it on Google Play