3NCRYPT3D Security

Our priority is your security.

We are the only digital service in the world that gives you total control over what happens to your information in the event of your death. This is a huge responsibility, and we know it.

That is why we took quite a while to get ready. Through our App you will be able to prepare secure messages autonomously and confidentially, whenever you want.

When you subscribe to the 3NCRYPT3D service you can count on these security features:

Audited by AgileInfosec (08/18)

In August 2018, we hired AgileInfoSec, an English company specialized in cybersecurity, to search for vulnerabilities. Over 15 days, penetration tests (black-box testing) and a code review (white-box testing) were performed. Some non-critical recommendations for improvement were made and promptly implemented. Excerpt from the report: “None of the findings are critical, and the applications overall have a good security posture”. We passed the test!

3 layers of encryption (we don’t mess around)

We apply multiple layers of encryption on your data:

In communications between the 3NCRYPT3D App and our servers:

– Initial SSL/TLS tunnel with a 2048-bit RSA key

– Additional tunnel with symmetric 256-bit AES encryption

– Client-side 256-bit AES encryption, applied to your contents by the App before they are sent to our servers.

On your data after it has been saved on our servers:

– 256-bit AES Transparent Data Encryption activated on our data server.

– Client-side 256-bit AES encryption, applied to your contents by the App before they are sent to our servers.

To put this in perspective: it would take more than 14 billion years to break just one of these layers, even using today's most powerful supercomputer. In 3NCRYPT3D, we overlay 3 layers in communications and 2 layers in storage, because we are really “paranoid” about the security of your messages.

Microsoft Azure Data Centers

Our data centres are located in the Netherlands, under the strict European Data Protection legislation, and are audited and certified to the most demanding security standards of today:
ISO/IEC 27018
ISO 27001
HIPAA
FedRAMP
SOC 1 and SOC 2
IRAP (Australia)
G-Cloud (United Kingdom)
MTCS (Singapore)

More information is available at the Microsoft Azure Trust Center.

Reinforced access protection

Even if someone knows your username and password, it is impossible for them to access and change your saved messages. Your account can only be accessed with full functionality through our App, installed and authorized by you and linked exclusively to your account.

Limited browser access to the account

To avoid the security risks associated with browsers, whenever you access your account via a browser you will only be shown a very limited, read-only subset of non-sensitive information. If you need to change any setting this way, you will need to confirm the operation using a PIN Code and, in some cases, additional verification via email.

Security on site 24h/day

Data centers are protected by 24/7 security, with stringent access requirements, secure confidential areas, and very demanding identification requirements.

Transport Layer Security on Delivery

Messages sent to your recipients are delivered encrypted through a secure SSL connection via the web page. This way, your recipients do not need to have any special software installed. To read a message, the recipient must enter the email address to which the link was sent and the correct answers to the security questions set for that particular recipient. If any of these requirements are not met, the messages will not be delivered.

2-Factor Authentication

Our service requires 2FA by default to access your account via a web browser. When you access your account through your browser, you must provide more than just a username and password. You will also be asked to enter a temporary, single-use code that is sent to your email account.

Zero-Knowledge Encryption

We will never be able to access your messages and attachments. Each message you create and all its attachments are encrypted by the 3NCRYPT3D App on your device before they are sent to our servers. Due to the nature of the encryption we use, it is impossible for us to read or decrypt this information. This is called “Zero-knowledge Encryption”. When you choose to open a previously created message, our servers send it to your App, fully encrypted, and the App decrypts the message using the same encryption key used to create the message.

Zero-Knowledge Authentication Protocol

This protocol ensures that your Password and PIN Code will always be transmitted and stored in our system in encrypted or encoded form. This means that your Password (and PIN Code) is not stored on our servers. Instead, we store a hash of them, re-processed 1000 times through an algorithm called PBKDF2 with a 48-bit salt. When you log in to 3NCRYPT3D, the password you enter is “Hashed” with the function described and the result of this operation is compared to the value we have stored. If both values match, it means that you have entered the correct password, and you are given access to your account.
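The login check described above, as an added example that is not 3NCRYPT3D's own code: it uses the parameters stated on this page (PBKDF2, 1000 iterations, 48-bit salt) and assumes HMAC-SHA256, a 32-byte output and a `pbkdf2$iterations$salt$hash` record layout, none of which the page specifies. The `needs_rehash` helper is hypothetical and goes slightly beyond the page, showing why the iteration count is stored with each record.

```python
import hashlib
import hmac
import os

# Stated on the page: PBKDF2, 1000 iterations, 48-bit (6-byte) salt.
ITERATIONS = 1000
SALT_BYTES = 6
# Assumptions, not from the page: HMAC-SHA256 as the PRF, a 32-byte output,
# and the "pbkdf2$iterations$salt$hash" record layout.
PRF = "sha256"
DK_LEN = 32


def hash_secret(secret, iterations=ITERATIONS, salt=None):
    """Return a storable record; the password or PIN itself is never kept."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per record
    dk = hashlib.pbkdf2_hmac(PRF, secret.encode("utf-8"), salt, iterations, DK_LEN)
    return f"pbkdf2${iterations}${salt.hex()}${dk.hex()}"


def verify_secret(secret, record):
    """Re-derive with the stored salt and iteration count, then compare."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "pbkdf2" or iterations < 1 or not expected:
        return False
    dk = hashlib.pbkdf2_hmac(PRF, secret.encode("utf-8"), salt, iterations, len(expected))
    return hmac.compare_digest(dk, expected)  # constant-time comparison


def needs_rehash(record, policy_iterations):
    """True if the record was derived with fewer iterations than current policy,
    so it can be re-derived from the plaintext at the next successful login."""
    try:
        return int(record.split("$")[1]) < policy_iterations
    except (IndexError, ValueError):
        return True


if __name__ == "__main__":
    rec = hash_secret("constructed-sample-password")  # constructed sample input
    print(rec)
    print(verify_secret("constructed-sample-password", rec))
```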

Disaster protection and recovery

Encrypted data is copied to more than one data center, all of which are located in Western Europe, to ensure there are no service interruptions in case of fire or data loss.