Encryption at rest


We encrypt your data stored at rest by default, with no additional action required from you or your clients. We use encryption as one piece of a broader data security strategy.

Automatic encryption and decryption

We automatically encrypt all data before it is written to disk. There is no setup or configuration required and no need to modify the way you or your clients access the app. The data is automatically and transparently decrypted when read by an authorized user.

Server-side encryption

With server-side encryption, the cryptographic keys are managed on your behalf using the same hardened key management systems that we use for our own encrypted data, including strict key access controls and auditing. All data and metadata is encrypted under the 256-bit Advanced Encryption Standard, and each encryption key is itself encrypted with a regularly rotated set of master keys.

To protect your data as it travels over the Internet during read and write operations, we use Transport Layer Security (HTTPS).