Encryption and Security
What does SecretShield do with my data?
Our servers can see the message origin and destination but not the contents. Our communication protocol uses Double Ratchet, meaning all data is encrypted for each target device individually with a new key per message. This means the data passing through the network and servers is completely end-to-end (app-to-app) encrypted.
SecretShield never has access to the encryption keys and can never decrypt the data passing through or temporarily stored on the servers.
The server allows temporary time-limited caching of communication data for offline devices. If the origin device and destination device are online, no content data is stored. However, if the destination device is offline, the fully encrypted data will be stored until the device connects and retrieves the data or up to ~7 days, whichever comes first.
What secret-related data can be seen and is stored on SecretShield's servers?
SecretShield uses state-of-the-art end-to-end (app-to-app) encryption. While our servers route and temporarily cache encrypted communication, they do not persistently store the secrets, nor can they decrypt the communication.
Since the communication protocol uses Double Ratchet, all data is encrypted for each target device individually with a new key per message. This means that data passing through the network and servers is completely end-to-end (app-to-app) encrypted. The server can see the message origin and destination but not the contents.
The server allows temporary time-limited caching of communication data for offline devices. If the origin device and destination device are online, no content data is stored. However, if the destination device is offline, the fully encrypted data will be stored until the device connects and retrieves the data or up to ~7 days, whichever comes first.
SecretShield never has access to the encryption keys and can never decrypt the data passing through or temporarily stored on the servers.
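The "new key per message, per target device" property described above, shown as an added example (not SecretShield's code). It covers only the symmetric-key chain of a Double Ratchet, omitting the X25519 ratchet and the ChaCha20-Poly1305 encryption step. The HMAC-SHA256 labels follow the Signal Double Ratchet specification's suggested chain KDF and are an assumption, as are the device names and the class and function names.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# KDF labels as suggested by the Signal Double Ratchet spec (assumed here;
# the page does not state which chain KDF SecretShield uses).
MESSAGE_KEY_LABEL = b"\x01"
CHAIN_KEY_LABEL = b"\x02"


def kdf_chain_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """One symmetric ratchet step: returns (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, MESSAGE_KEY_LABEL, hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, CHAIN_KEY_LABEL, hashlib.sha256).digest()
    return next_chain_key, message_key


class SendingChain:
    """Sender-side key chain for ONE target device (hypothetical helper)."""

    def __init__(self, initial_chain_key: bytes):
        self._chain_key = initial_chain_key
        self.counter = 0

    def next_message_key(self) -> tuple[int, bytes]:
        # The old chain key is overwritten, so earlier message keys cannot
        # be re-derived from the state that remains on the device.
        self._chain_key, message_key = kdf_chain_step(self._chain_key)
        self.counter += 1
        return self.counter, message_key


def fan_out(chains: dict[str, SendingChain]) -> dict[str, tuple[int, bytes]]:
    """One logical message: a distinct, fresh key for every target device."""
    return {device: chain.next_message_key() for device, chain in chains.items()}


def demo() -> list[dict[str, tuple[int, bytes]]]:
    # Constructed sample: two devices, each with its own random chain secret
    # (in the full protocol this secret comes out of the X25519 ratchet).
    chains = {"phone": SendingChain(os.urandom(32)), "tablet": SendingChain(os.urandom(32))}
    return [fan_out(chains) for _ in range(3)]


if __name__ == "__main__":
    for i, keys in enumerate(demo(), 1):
        for device, (n, key) in keys.items():
            print(f"message {i} -> {device}: counter={n} key={key.hex()[:16]}...")
```

A receiving device that starts from the same chain secret runs `kdf_chain_step` in lockstep and arrives at the same message keys, while a relay that only stores ciphertext holds none of this state.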
What encryption is used by SecretShield?
SecretShield leverages Shamir Secret Sharing. Communication uses Double Ratchet with X25519 EC + ChaCha20-Poly1305. On-device storage leverages, on iOS, Keychain + Secure Enclave + Elliptic Curve and, on Android, Keystore + Trusted Execution Environment + AES-GCM, on top of native filesystem encryption and required device security. Network communication also uses TLS; however, the protocol is designed to be Zero-Trust: completely secure even if fully observed.
To learn more about the techniques we’ve employed, visit our Security and Data Privacy page.