Security is the number one priority at Splikity. We take all steps to make sure that user data is secure. In order to make sure our users are secure, we use the industry leading AES-256 encryption algorithm - the same algorithm used by governments, militaries and intelligence agencies to encrypt and protect information classified as TOP SECRET. One of the critical steps that Splikity takes to ensure that our users data is secure is to encrypt and decrypt user data locally on the users device. By encrypting and decrypting locally on the users device, no sensitive user data ever leaves the user’s device.
The information that is encrypted on the user's device can not be decrypted without the users decryption key which is unique to each user and only known by the user. The decryption key is created from the user's password and a random salt. The users password is known only to the user, never leaves the user's device and is never known to Splikity. This makes it impossible for anyone to decrypt user data except for the user.
Splikity employs many layers of defense that protect users to ensure that user data cannot be accessed by anyone but the user. To further protect and increase the security of the user's password, Splikity uses Password-Based Key Derivation Function, also known as PBKDF2. PBKDF2 is the leading key stretching algorithm and it adds an addition layer of security to keep the user secure by increasing the complexity of their password. Splikity combines this secure key stretching algorithm with SHA-256. Splikity runs the user’s decryption key through an industry leading 250,000 rounds of PBKDF2-SHA256. This ensures that the data of Splikity users is the safest in the industry.
In addition to these leading security practices, Splikity uses SSL exclusively to transfer data. This is in addition to the security measures that encrypt the user data with AES-256 and PBKDF2-SHA256 which makes the user's data unusable to both Splikity or any nefarious third-party. This policy of never asking for or receiving sensitive data reduces chances and ramifications of an attack. At Splikity, we use best practices and firewalls to protect the servers and service, but our best line of defense is that we go to great lengths to never have access to data that is sensitive to users at all.
In addition to the industry leading security and encryption precautions taken to keep user data secure, Splikity data centers have the following certifications:
✓ HIPAA
✓ PCI
✓ SOC 1/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
✓ ISO 9001
✓ ISO 20071
✓ Mobile Apps
✓ FISMA Moderate
✓ Sarbanes-Oxley (SOX)