Security and Privacy

Some of the steps we take to ensure your security include

All Mobile Locker data and communications are encrypted using industry best practices:

Third Party Testing
Mobile Locker hires an external company annually for penetration and security testing. Our test reports are available to current and prospective customers. Please contact us at

Encryption At-Rest
All databases and disk volumes are encrypted using  AWS KMS (FIPS 140-2 validated) and the industry-standard AES-256 algorithm.

Encryption In-Transit
All communications with Mobile Locker services and APIs use Transport Layer Security (TLS 1.2 or later) for secure connections. There is no non-­TLS option for connecting to Mobile Locker. View our Qualys SSL Labs Report.

Encrypted Backups
All customer data is continuously backed up in an encrypted format, with point-in-time recovery and daily snapshots. We validate our data recovery procedures regularly as part of our business continuity and disaster recovery processes.

Encryption Keys
All Mobile Locker encryption keys are stored in FIPS 140-2 validated hardware security modules managed by Amazon.

Privacy and Confidentiality
No Mobile Locker staff will access your data unless required for support reasons. When working on a support issue, we only access the minimum data needed to resolve your issue while respecting your privacy. Access to data is restricted by job function and monitored.

Access Controls
All the data, such as your files, is by default private and only accessible by you. If you explicitly share something with someone else, you can always revoke the access later.

Single Sign-On
Optional SSO support (OAuth and SAML) is available for Google, Salesforce, Microsoft, Okta, Ping, Active Directory Federation Services (ADFS), Azure AD, and others.

Secure Authentication
All user passwords are are stored salted and hashed (using bcrypt) and cannot be recovered by Mobile Locker staff. When using a single sign-on account to access Mobile Locker, no user credentials are stored by Mobile Locker. Optional Two-Factor Authentication (2FA/MFA) support is available for an additional layer for protection of your account.

Data Centers
The Mobile Locker service is hosted in AWS’s highly secure data centers (ISO 27001, PCI-DSS, SOC 1 certified).

Secure Configuration Management
Mobile Locker uses code reviews, automated testing, and deployments, with servers continuously updated with the latest security errata.

Need to report a security vulnerability?

Please email us directly at

Responsible disclosure

We strive to keep Mobile Locker safe and secure for everyone. If you have discovered a security vulnerability we would greatly appreciate your help in disclosing it to us in a responsible manner. We will work with you to assess and understand the scope of the issue and fully address any concerns. Emails are directly sent to our engineering staff to ensure that issues are addressed rapidly. Any security emails are treated with the highest priority as the safety and security of our service is our primary concern.


If you have questions regarding a specific policy or general inquiries regarding security, please contact Mobile Locker support.

Trusted by leading partners across the globe