We started in encryption nearly 40 years ago, protecting governments, global financial networks, and military communications from the most determined attackers.

And all that experience can be found in every decision we make about security.

Many solutions claim they are encrypted, but what they really mean is that they rely on basic encryption by their cloud provider to secure your data. They can still see every document and message uploaded by your clients, which means so can any attacker who gains access to their systems. This is not real security or privacy, so when building DropVault we decided to take a different approach.

We set out to build one of the most secure and private platforms, where security is built in at every level so that your data is protected at every step. When it comes to privacy, we don’t need to see your content or any documents you upload; we just encrypt and store them so they are protected even from our team.

Every access is authenticated

Unlike most sharing apps and even email, where you share a simple link, we authenticate every access so that you know which contact has signed in, when they accessed your content, and where from.

Authentication is critical for sharing anything sensitive and provides a level of security unmatched by apps using simple email links.

App Level Encryption

DropVault uses App level encryption which means the encryption of your data is managed by the DropVault app and not by our servers or cloud provider. This ensures that your data remains secure even from our IT team or cloud provider. A breach of our servers will never compromise encrypted data and never expose the original content.

The DropVault app also creates and manages your encryption keys, which are only accessible via the app and not by any external user.

Industry standard encryption

DropVault uses industry standard symmetric AES GCM encryption on all messages, replies and documents with strong 256 bit keys. This ensures your data stays secure even from quantum computing attacks. At no time is your key shared with any team member or contact, and it is never shared or stored unencrypted on the client device.

SSO for your team and external contacts

Security can’t bring too much friction so we support single sign on (SSO) for your team members and external contacts. Use your Gmail, Microsoft, Outlook and soon Apple ID to access your dashboard or for any contact to sign into any channel or portal.

Session Hijacking

Session hijacking is an increasing threat where an attacker copies your session identifier and can then impersonate you and gain access to your account. We have built detection code into the DropVault platform to detect any stolen session and automatically take action to secure your account.

Unique key per channel

When you create a new channel, we generate a random, unique and strong key specific to that channel and then store this key in the key vault. This ensures that each channel is segregated from any other, which adds protection and security for the conversations and documents in your channel.

Key Storage

The accepted best practice for any encryption is to store the encryption key as far away as possible from the data it is securing. So we store all keys in an external key vault/HSM.

DropVault supports our own key vault (HSM) but enterprise customers can provide their own key vault (bring your own key). When the 256 bit key is generated we copy it to the HSM and store it with an identifier for the channel it belongs to. All access to this vault is tightly controlled and can only be read by the DropVault app.

Soft delete is enabled for each key in the vault: if a key is accidentally deleted, it remains in the “soft delete” archive for 90 days so it can be retrieved if the key was found to have been deleted in error.
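
The scheme described under Industry standard encryption, Unique key per channel and Key Storage can be sketched as follows. This is an added example, not DropVault's code: the in-memory `keyVault` map is a hypothetical stand-in for the external key vault/HSM, and binding the channel identifier as AES-GCM associated data is an assumption of this sketch.

```javascript
// Added illustration, not DropVault's code. All names here are hypothetical.
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Stand-in for the external key vault/HSM: channel identifier -> 256-bit key.
const keyVault = new Map();

function createChannelKey(channelId) {
  if (keyVault.has(channelId)) throw new Error('channel already has a key');
  keyVault.set(channelId, randomBytes(32)); // random, unique key per channel
}

function encryptForChannel(channelId, plaintext) {
  const key = keyVault.get(channelId);
  if (!key) throw new Error('no key for channel');
  const iv = randomBytes(12); // fresh 96-bit nonce; never reuse under one key
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(channelId, 'utf8')); // bind ciphertext to its channel
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]); // iv(12) | tag(16) | ct
}

function decryptForChannel(channelId, blob) {
  const key = keyVault.get(channelId);
  if (!key || blob.length < 28) throw new Error('missing key or short blob');
  const iv = blob.subarray(0, 12);
  const decipher = createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(channelId, 'utf8'));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key, channel id, tag or ciphertext do not match.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()])
    .toString('utf8');
}

// Returns false instead of throwing, for checks on stored blobs.
function canDecrypt(channelId, blob) {
  try {
    decryptForChannel(channelId, blob);
    return true;
  } catch {
    return false;
  }
}
```

A blob written for one channel fails authentication under any other channel's key, and a single flipped bit in storage is rejected rather than decrypted to garbage.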

Strong password rules

DropVault enforces strong password policies for every team member accessing your portal, with no user selectable passwords allowed. Any attempts by any member to change a password will trigger an instant alert.

MFA on all team logins

Multi-factor authentication is switched on by default, including the option to authenticate users using an authenticator app on their phone.

Device And Presence Security

Once your computer, device, or location has been registered with your SafeRoom, DropVault will not allow access to your SafeRoom from any other device or location unless you add them. A simple but powerful way to keep intruders out.

Biometric Access Control

Support for native Passkey (FIDO) authentication allows for facial and fingerprint biometrics access to both sign in and channels, providing enhanced security and less friction for businesses and contacts.

IP blocking/geolocation

If all your clients are in the US, there’s no need to allow login access attempts from other countries. Flexible IP blocking makes it easy to decide what access requests are blocked by default.

Security Dashboard

Your own dedicated security dashboard makes it easy to view, monitor, and track your user and contact logins, their access locations, any MFA failures or discrepancies, and any unusual behavior.

Automatic defensive security monitoring

Our system continuously monitors every connection and every attempt at access and takes immediate action to limit access if any suspicious activity is detected. You can also choose the type and severity of any response.

Default session timeout

To enhance security, session timeouts can easily be set and modified, from 15 minutes to 150 days.

Change Security Posture

Customize how the app responds to changing user locations, session timeout, etc.

Corporate Key vaults

If required, you can easily store and manage all your encryption keys in your own corporate key vault (HSM).

Tested and Validated

As part of a yearlong evaluation by a major global client, DropVault was subjected to monthly penetration tests by one of the world’s leading security penetration companies. We never failed once.