All data is encrypted in-flight using military-grade encryption. Screendoor enforces HTTP Strict Transport Security, meaning that we automatically redirect all insecure requests before they reach our application servers. We have received an “A+” rating from Qualys SSL Labs.
Whenever possible, communications are further protected with perfect forward secrecy. Forward secrecy protects past sessions against future compromises of secret keys or passwords.
Screendoor’s public resources are cached on Amazon’s CloudFront CDN, which helps to mitigate Distributed Denial of Service (DDoS) attacks.
Our servers are housed in a facility that achieves FISMA Moderate accreditation. The building is unmarked, staffed 24 hours a day with onsite security, and equipped with surveillance cameras and biometric readers.
Our infrastructure provider is a FedRAMP-compliant Cloud Service Provider and has been assessed by an accredited FedRAMP 3PAO.
Infrastructure changes are fully audited and regularly inspected by DOBT staff.
DOBT employees are unable to access or manipulate your private data unless you explicitly allow us to do so during a support request. All employees sign a non-disclosure agreement to protect the confidentiality of your data in this scenario.
All employee hard drives are encrypted.
Access to all internal applications requires two-factor authentication, and is logged for auditing.
All uploaded files (e.g., attachments) require login and appropriate privileges to read.
You own your data, and can export it all at any time. All data is exportable in JSON format, which does not require any proprietary application to read and access.
You maintain control over who is added to your account, thereby giving you complete control over who has access to your data.