To ensure your data remains private and secure, cloudHQ uses these best practices:
- We do not store your files on our servers (we only replicate).
- We use *only* encrypted SSL to communicate with cloud services.
- Our product software and infrastructure is updated regularly with the latest security patches. Our network is protected by an enterprise-class firewall.
- We never store any password nor even hashed password on our servers. Everything is based on OAuth and OpenID.
- cloudHQ uses Google Federated Login password-less authentication for user authentication. This means that somebody can access your cloudHQ account if and only if that person is logged into your Google account.
- All OAuth tokens and passwords (if service does not support OAuth) are encrypted using 256-bit AES encryption. The AES keys for encryption and decryption of OAuth tokens are encrypted and stored in a special “wallet file.” This wallet is encrypted using a password which is not stored on any of our servers. The password to open this “wallet” is known only to our admin who manages our production servers.
- Our employees are forbidden to see your filenames or download files.
In cases when our support needs to access filenames or file content, we will ask you for your explicit permission to do that. All access will be logged and you can request to get audit logs with who, how, and when your filenames were accessed while solving your support ticket.