Security and Privacy
All Mobile Locker data and communications are encrypted using industry best practices:
Third Party Testing
Mobile Locker hires an external company annually for penetration and security testing. Our test reports are available to current and prospective customers. Please contact us at security@mobilelocker.com.
Encryption At-Rest
All databases and disk volumes are encrypted using AWS KMS (FIPS 140-2 validated) and the industry-standard AES-256 algorithm.
Encryption In-Transit
All communications with Mobile Locker services and APIs use Transport Layer Security (TLS 1.2 or later) for secure connections. There is no non-TLS option for connecting to Mobile Locker. View our Qualys SSL Labs Report.
Encrypted Backups
All customer data is continuously backed up in an encrypted format, with point-in-time recovery and daily snapshots. We validate our data recovery procedures regularly as part of our business continuity and disaster recovery processes.
Encryption Keys
All Mobile Locker encryption keys are stored in FIPS 140-2 validated hardware security modules managed by Amazon.
Privacy and Confidentiality
No Mobile Locker staff will access your data unless required for support reasons. When working on a support issue, we only access the minimum data needed to resolve your issue while respecting your privacy. Access to data is restricted by job function and monitored.
Access Controls
All of your data, such as your files, is private by default and accessible only by you. If you explicitly share something with someone else, you can always revoke that access later.
Single Sign-On
Optional SSO support (OAuth and SAML) is available for Google, Salesforce, Microsoft, Okta, Ping, Active Directory Federation Services (ADFS), Azure AD, and others.
Secure Authentication
All user passwords are stored salted and hashed (using bcrypt) and cannot be recovered by Mobile Locker staff. When using a single sign-on account to access Mobile Locker, no user credentials are stored by Mobile Locker. Optional Two-Factor Authentication (2FA/MFA) support is available as an additional layer of protection for your account.
Data Centers
The Mobile Locker service is hosted in AWS’s highly secure data centers (ISO 27001, PCI-DSS, SOC 1 certified).
Secure Configuration Management
Mobile Locker uses code reviews, automated testing, and deployments, with servers continuously updated with the latest security errata.
Please email us directly at security@mobilelocker.com
We strive to keep Mobile Locker safe and secure for everyone. If you have discovered a security vulnerability, we would greatly appreciate your help in disclosing it to us in a responsible manner. We will work with you to assess and understand the scope of the issue and fully address any concerns. Emails are sent directly to our engineering staff to ensure that issues are addressed rapidly. Any security emails are treated with the highest priority, as the safety and security of our service is our primary concern.
Questions?