Security

The security of your data is critical to the success of our business so you can be assured we take security extremely seriously. These are the most frequently asked questions we get regarding security. If you have any questions or want to discuss this further please don’t hesitate to contact us.

Do you get independent security reviews?

Yes. We partner with Matasano, a world class security firm to carry out independant penetration tests, source code assessments & security reviews. They also advise on encryption algorithms and best practices to help us continually enhance the protection of your data.

How can I protect my ThisData account?

Make sure you use a strong password that is different from the passwords you use for other services. We also recommend that you enable Two Factor Authentication on your ThisData account as it adds an extra layer of security. How to set up Two Factor Authentication.

Are my files and data encrypted in transit?

Yes. Transport Layer Security (TLS) is used to protect the transfer of files and data from your cloud applications to the ThisData storage infrastructure. We score the highest possible grade on the industry standard Qualys SSL test.

Are my files and data encrypted at rest?

Yes. All data and files are secured using AES-256 bit encryption before getting saved to the ThisData storage infrastructure. A small subset of metadata (i.e. company name, file name etc) is stored without encryption in our search engine to enable the fast search of data across your cloud backups.

How secure are your data centers?

ThisData uses Amazon Web Services for hosting servers and backup data. These data centers utilize industry leading security policies and are SOC 1/SSAE 16/ISAE 3402, SOC 2, SOC 3 and ISO 27001 compliant. ThisData has had a technical review of services and architecture by Amazon to ensure we are leveraging all of the security features on offer.

Can your employees see my files and data?

Your data is only searchable by you or users that you give ThisData access to. With a legitimate reason a small group of our technical team may access metadata to assist in troubleshooting or customer support. For more detail please see our terms of service and privacy policy.

Do you participate in any bug bounty programs?

Yes, to compliment our security reviews from Matasano we also believe in crowd sourced security testing and encourage security researchers to test our systems. If you think you have found a possible issue please submit it via our HackerOne profile.