Our commitment to you
Privatlocker is committed to the security of our clients’ information. We focus on providing you with superior quality security and confidentiality in all critical security areas including infrastructure, application, and personnel security. Secure storage of your private and sensitive documents is assured with built-in protections against malware, spam and ransomware. Privatlocker provides encrypted and secure access to your files.
Files are proactively scanned and removed when malware, spam, ransomware or phishing is detected. And Privatlocker is cloud-native, which eliminates the need for local files and minimises risk to your devices.
Signup: Multi Factor Authentication (MFA) based signup via One Time Password (OTP) for authenticating users and allowing access to the platform.
Encryption: 256-bit AES and SSL/TLS encryption is the strongest and most robust encryption standard that is commercially available today.
PIN protection: Users are able to set a PIN for added security which may be used at Account and Locker levels.
ISO 27001 certified Data Centre: The application is hosted on Google’s ISO 27001 security certified data centre.
Timed Log Out: To protect your account from unauthorised access, our system is designed to terminate the session automatically if extended inactivity is detected.
Security Audit: The application is audited by recognised audit agencies, and application security audit certificates are obtained at regular intervals.
User Consent Based System: Data is shared only with the user’s explicit consent. All sharing and access activities are logged and conveyed to the User. Organisations that need access to users’ documents need explicit consent from the user.
Standard Practices: Privatlocker follows standard software development practices of uniform coding standards, guidelines and reviews. Every release is reviewed and tested internally for security and penetration vulnerabilities before deployment on our servers.
Infrastructure Security
- SOC 2 Compliant Data Centre – Google Cloud
- State-of-the-art physical security and fire protection systems at data centre
- Redundant Virtual Server Environment
- 2048-bit encryption
- Symantec Endpoint virus scanning
- Monitored firewall mechanisms and intrusion detection software
- Bi-Annual penetration testing of infrastructure and application
Application Security
- Multiple User Security Access Levels
- Individualised Security Sections
- Encrypted Password Protection
- Multi-Factor Authentication (Security Question and Answer)
- Document Print, Share and Download Controls
- Audit Tracking
Personnel Security
- Pre-employment screening, background checks and NDAs for all staff
- Comprehensive staff training
- Quality and access control policies and procedures
Zero Trust Security
Privatlocker emphasises a proactive and dynamic approach to security that aligns with the changing nature of cyber threats and the evolving IT landscape.
Privatlocker Zero Trust is built on three core concepts:
Verify Explicitly: Privatlocker emphasises the importance of authenticating and authorising users and devices before granting them access to resources. In our Zero Trust environment, nothing is assumed to be inherently trusted. Every user, device, or application attempting to access resources must go through a robust identity verification process. This involves multi-factor authentication (MFA), which requires users to provide multiple forms of evidence to prove their identity. By verifying explicitly, Privatlocker ensures that only authorised and legitimate entities gain access to sensitive assets.
Least Privilege: Privatlocker adopts the principle of “Least Privilege”, which focuses on granting the minimum level of access necessary for users, devices, and applications to perform their tasks. This means that even if a user’s identity is verified, they can only have access to the tools and data required for their role. By restricting access rights to Privatlocker, the potential impact of a security breach is significantly reduced. If an attacker gains access to a user’s credentials, the damage they can inflict is limited.
Assumed Breach: Instead of assuming that the Privatlocker perimeter is impenetrable, Zero Trust assumes that breaches can and will occur, whether from external attackers or insider threats. This principle acknowledges the reality of the evolving threat landscape and focuses on rapid detection and response to security incidents. Privatlocker continuously monitors, detects anomalies, and is ready to minimise the time attackers have within the network.
By adhering to these three core principles, Privatlocker has established a robust and adaptive security posture. Our Zero Trust architecture recognises that traditional perimeter-based security measures are no longer sufficient to protect our network, which includes cloud locations, remote access scenarios, and a variety of devices.
Zero Knowledge Security
Privatlocker’s Zero Knowledge framework is a cryptographic concept that refers to the method by which one party (the prover) can prove to another party (the verifier) that a statement is true without revealing any specific information about the statement itself.
In other words, the prover can demonstrate knowledge of a fact or piece of information without disclosing the actual content of that knowledge. This concept is used to enhance privacy and security in various applications, particularly in scenarios where sensitive information needs to be verified without exposing the underlying data.
Zero Knowledge Proofs are the mathematical protocols used to achieve this. They allow a prover to convince a verifier that a statement is true while providing no additional information that could be used to deduce the statement’s details. They are based on complex mathematical computations that ensure the integrity of the information being verified without disclosing the information itself.
Operational Procedures
Privatlocker follows best practices to keep your data secure.
We regularly audit our environments and code for security issues and apply patches expeditiously. We use commercial services that regularly check our site and we retain our own security experts to probe and verify the security of our site.
No Access to Your Information
Our strict internal procedures prevent any Privatlocker employee from gaining access to your account beyond the limited amount of data necessary to help grant you access to your account and to restrict access to your account in urgent circumstances.
Privatlocker employees can never see your data or any documents that you upload, and Privatlocker logs and regularly audits all accesses to your account.