The security of our users is very important to us at Diffeo. Every choice we make and feature we add is examined with security in mind.
What We Keep
To provide you with lightning-fast search across all your cloud platforms and devices with Cloud Search, and help you dig deeper with Advanced Discovery, Diffeo stores certain pieces of information about your content, as well as usage data from your interactions with Diffeo services.
Cloud Account Tokens
When you integrate a cloud service with Diffeo, the industry standard OAuth 2.0 protocol is used to synchronize your account. The credentials that Diffeo receives are then automatically encrypted before they are stored or transmitted, and are only accessible from within our cloud system. Even if someone were to gain access to your Diffeo account, they still would not have access to the decrypted version of these credentials, so your other cloud accounts would remain safe and secure.
To automatically tag your files and provide you with the best possible search quality, Diffeo processes the content of your files. Where possible, Diffeo only sends extracted text from the document, leaving behind the rest of the content. The parts of a file that do get uploaded are encrypted by Google Cloud Platform’s built in tools and by Diffeo with industry standard AES-256 encryption. Employees of Diffeo do not have direct access to your files.
As soon as a file’s content enters our system, Diffeo analyzes it to produce tags and other searchable information from the document. These tags are sent to our database and search indices. Once the tags are stored, Diffeo erases the file from our system. Diffeo does not store your files.
Once your files have been analyzed, the basic Diffeodata and extracted tags are stored in search indices that allow the most relevant results to be retrieved extremely quickly. Currently, this information is kept on high-performance enterprise servers hosted by Algolia. Their enterprise tier provides us with dedicated hardware specific to Diffeo. Once the tags and Diffeodata we’ve extracted from your files are in this search index, no one has access to that content but you.
To continually improve the search quality and user experience that Diffeo provides, we leverage a number of common technologies that give us insight into user behavior. To monitor the performance, we use New Relic for our web and mobile apps. We also collect bug and crash report data through Sentry and Crashlytics.
As you modify and interact with files, Diffeo receives notifications from your cloud services and your Mac Client to efficiently keep your files up to date. We also keep track of search activity through an internal metrics system that securely stores data within Google Cloud Platform. This information is used to continually improve the quality of our searches and the user experience that Diffeo provides. Diffeo also reacts to your usage in real time to improve the quality of search results that you see.
Stripe Billing Token
Web Security Standards
We use HTTPS with the strictest security settings to ensure that users are always communicating securely with our servers. We also use a number of web security features to ensure that users can only communicate with us over encrypted connections.
Our services at accounts.diffeo.com use OpenSSL FIPS 140-2 Certified cryptography for HTTPS connections. Cryptography that is FIPS 140-2 certified has been approved for use by NIST. We also make use of Amazon Web Services, which provides information about it’s use of FIPS 140-2 here.
Ongoing Security Efforts
We constantly audit our application for security vulnerabilities.
If you are a security researcher and have an issue to report, please responsibly disclose it to us. You can send us an email at firstname.lastname@example.org. We also have a bug bounty program set up at hackerone.com/diffeo that is currently in invitation-only mode. We plan to launch it publicly in the near future. If you would like to take part in that program now, just send us an email.