  • All pages are served over HTTPS and encrypted using Transport Layer Security (TLS)
  • Uploaded files are encrypted in transit over HTTPS and at rest with one of the strongest encryption ciphers available (AES-256)
  • Files are stored in the Amazon Web Services cloud (AWS), with regular offline backups stored in a secure location
  • Data access is tightly controlled through user authentication and role-based access control (RBAC)

Data Storage

  • Deposited files are stored in highly durable cloud storage on AWS
  • Integrity of uploaded files is verified using file checksums
  • Checksums of deposited files are calculated as MD5 digests and provided in abbreviated form on the Deposit Certificate as the deposit “Signature”

Data Security and Encryption

  • All connections to the SoftEscrow Client Portal are served over HTTPS with TLS encryption, providing in-transit encryption
  • All web servers serving the SoftEscrow Client Portal have full-disk encryption enabled, providing at-rest encryption
  • All data transmitted between SoftEscrow web servers and AWS cloud storage is sent over HTTPS with TLS, providing in-transit encryption
  • Deposited files are stored in AWS with Server-Side Encryption using the 256-bit Advanced Encryption Standard (AES-256) block cipher, providing at-rest encryption

Data Access

  • Uploaded files are only accessible by administrator users with designated roles (RBAC) for the purposes of making offline backups
  • All user passwords, including administrator passwords, are hashed with unique, per-password salts
  • Direct cloud storage access is available only to SoftEscrow super-user administrators
  • Authentication and access records are retained for web application, server, and cloud storage access attempts