With Smartlockr, your data is encrypted and then sent encrypted. But what happens next? Where is the data stored and who has access to it? It is one of our frequently asked questions. That is why we are happy to explain it to you in this blog.
First, let us start with what happens to your data. With Smartlockr, your data is encrypted, sent encrypted and then stored. It uses "Zero-knowledge end-to-end encryption". As the word suggests, zero-knowledge means that no one, not even the supplier, has access to the contents of the transferred and stored data. These are only accessible to the sender and the authenticated recipient, hence "end-to-end". This is a way of encrypting data, where only authorised parties have access to the data.
All connections from and to the supplier’s platform are secured with TLS1.2 connections which makes use of strong encryption-algorithms. All information is encrypted with an automatically generated AES-GCM key per dispatch. Simply put, there are multiple layers of protection on top of your data that ensure its security.
So where is my data stored? you might ask. Smartlockr uses the Microsoft Azure Cloud platform, located in Western Europe.
Microsoft Azure offers a trusted and very stable storage medium. This data is only stored within the European Union as the European privacy legislation is in effect there (AVG / GDPR). The data we send is stored in the Microsoft Azure Datacenter in Amsterdam.
No one has access to the data, except for the authorised sender and recipient(s). Once again, all data is sent and stored with the application of zero-knowledge end-to-end encryption, meaning that neither the supplier nor Microsoft have access to your data. In addition, a backup is stored in the Windows Azure Datacenter in Dublin. This backup is only used when the data in Amsterdam is not available, for example due to calamities.
The CLOUD Act is a federal data law pertaining to the cloud. This ensures that US authorities can gain access to data from US communications services without judicial review. However, as the law only applies within the US, this is not the case for data stored in the EU. This means that US authorities, without your knowledge, cannot access your data in Europe if you do not have it stored with a US supplier. The difference in the way in which these regulations are set up and to whom they relate therefore means that your data is secure within Europe.
Working in the Cloud is becoming increasingly popular. Various departments can always easily share information without being physically present in the office. In addition, with Smartlockr your data is always secure, before, during and after shipment of the email. This is made possible by additional awareness through notifications as well as zero-knowledge end-to-end encryption, two-factor authentication and a secure TLS connection during data transfer. Finally, your data is stored in secure storage after sending, without access by third parties, not even by Smartlockr because we don't store or log any keys, only the authenticated users.
Do you want to know more about how to safely handle data in the Cloud? You can find out more here: How to make sure you work securely with Cloud email