Privacy Policy

Data integrity and backups

Your data is safe with us. We have a robust backup solution that allows us to move our databases back in time as needed, be it minutes or weeks. In the unlikely event of a fatal infrastructure failure, your data will be saved locally on the device, until we are back live. Your AllActivity will never miss a beat and catches up quickly when the connection is restored. And we take pride in our ability to automatically spin back up from square zero in a matter of minutes.

Data protection in transit

AllActivity relies on SSL to the point of enforcing it. We will never allow unprotected data to leave your device or our servers, in fact our integration is designed to refuse a connection rather than permit a transmission in a plain, unencrypted form. Therefore, it is not practical to intercept your account password, nor any other data sent to us, by a man-in-the-middle attack.

The private cloud networks that house our infrastructure feature an advanced protection against unauthorized traffic, port scans, packet sniffing and address spoofing. Most of the assets are protected by a security whitelist, and will refuse any requests, unless they are coming from a specifically authorized counterparty.

Data protection at rest

Our infrastructure relies on industry-leading vendors that offer the highest standards for privacy and data security. Our database clusters as well as all their backups are encrypted at all stages of their lifecycle.

Our data store is protected by a symmetric algorithm based on Advanced Encryption Standard (AES) in Galois Counter Mode (GCM) with 256-bit keys, an industry standard for secure encryption. The ciphertext that this algorithm generates supports additional authenticated data (AAD), such as an encryption context, and GCM provides an additional integrity check on the ciphertext. Therefore, both confidentiality and integrity is strongly ensured.

User passwords

Your password is encrypted one-way using the bcrypt and a random value known as ‘salt’, an industry standard algorithmic solution for storing passwords. That means we will never know your password, however it is still possible to reset it to access your data in case the password is lost. Salting ensures high resilience against pre-computed attacks such as rainbow tables.