Security and Privacy

Some of the steps we take to ensure your security include

  • All Mobile Locker data and communications are encrypted using industry best practices:
    Encryption At-Rest: All databases and disk volumes are encrypted using industry standard AES-256 encryption.
    Encryption In-Transit: All communications with Mobile Locker services and APIs use Transport Layer Security (TLS 1.2 or later) for secure connections. There is no non-­TLS option for connecting to Mobile Locker. View our Qualys SSL Labs Report.
    Encrypted Backups: All customer data is continuously backed up, with point-in-time recovery and twice-daily snapshots stored encrypted. We also validate our data recovery procedures regularly.
    Encryption Keys: All Mobile Locker encryption keys are stored in FIPS 140-2 validated hardware security modules managed by Amazon.
  • Data Privacy: No Mobile Locker staff will access your data unless required for support reasons. When working a support issue we only access the minimum data needed to resolve your issue while respecting your privacy.
  • Access Controls: All the data, such as your files, is by default private and only accessible by you. If you explicitly share something with someone else, you can always revoke the access later.
  • User Credentials: All user passwords are secured with bcrypt and stored salted and strongly hashed and cannot be recovered by Mobile Locker staff. When using a single sign-on account to access Mobile Locker, no user credentials are stored on the Mobile Locker servers.
  • Single Sign-on: Optional SSO support (OAuth and SAML) is available for Google, Salesforce, Microsoft, Okta, Active Directory Federation Services (ADFS), Azure AD, and others.
  • 2FA/MFA: Optional Two-Factor Authentication support is available for an additional layer of protection of your account.
  • Data Center: The Mobile Locker service is hosted in AWS’s highly secure data centers (ISO 27001, PCI-DSS, SOC 1 certified).
  • Secure Configuration Management: Mobile Locker uses code reviews, automated testing and automated deployments, with servers continuously kept up to date with the latest security errata.

Need to report a security vulnerability?

Please email us directly at security@mobilelocker.com

Responsible disclosure

We strive to keep Mobile Locker safe and secure for everyone. If you have discovered a security vulnerability we would greatly appreciate your help in disclosing it to us in a responsible manner. We will work with you to assess and understand the scope of the issue and fully address any concerns. Emails are directly sent to our engineering staff to ensure that issues are addressed rapidly. Any security emails are treated with the highest priority as the safety and security of our service is our primary concern.

Questions?

If you have questions regarding a specific policy or general inquiries regarding security, please contact Mobile Locker support.