🔒Security

Encryption Process

• Data in transit to and from the Archive is encrypted via SSL/TLS with valid Let's Encrypt certificates.

• Data is encrypted using AES-256 standard upon ingestion to the Archive and remains encrypted at rest.

Data Hosting Security

• The Archive is hosted in AWS's high availability data centers, which are FISMA, ISO 27001, SSAE-16, FedRAMP, and PCI-DSS compliant.

• Archived data is stored on AWS S3 Multi-Zone storage.

• SSL encryption for data in transit is enabled as standard.

• AES-256 encryption for data at rest is enabled as standard.

• Encryption is applied prior to storage in AWS S3. Therefore, unauthorized access to AWS storage buckets would not grant an attacker access to archived data.

How does your archive ensure the integrity of data for compliance, legal and other purposes?

• Emails are stored in the archive via journalling (near to real-time) with a sequential number, timestamp, and "digital fingerprint." This ensures that any attempts to tamper with the stored data can be detected and allows proof of an accurate and complete record of the emails from a company.

• The emails are processed and encrypted prior to delivery, preventing any tempering on the mail server or mail client.

• Access to emails is tightly controlled via granular user account permissions.

• Administrator accounts have no access to archive data. Administrators can also be assigned a privileged account if they need access as part of their role.

• Users must authenticate into the Archive using a multi-factor process and we support ADFS, M365, Okta and many other OAuth solutions.

• Any access to emails which is not conducted by a sender or recipient of the email in question is fully audited in real-time with notifications sent to the customer’s nominated Data Guardian users.

• This secure capture and storage of data coupled with audited access to the information ensure data integrity and compliance for legal purposes.