Transport Layer Security
All data exchanged between the client (Things on your device) and the server (Things Cloud) is encrypted in transit using a 2048-bit certificate. This provides industry-standard protection for your data as it travels to and from the server.
Encryption At Rest
All data is encrypted at rest on the server using industry-standard 256-bit AES encryption; no data is stored in clear text. We may also consider adding client-side encryption at a later time.
We have policies in place which restrict direct server access to only those employees who are responsible for deploying and maintaining the service; currently, that is 4 people (and does not include our helpdesk personnel). These individuals are bound by confidentiality agreements and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. Engineers with access to Things Cloud servers are required to use two-factor authentication when accessing the system; this means that even knowing an engineer’s password would not be sufficient for gaining access to our servers.
Our data processing policies are regularly reviewed for compliance with Europe’s General Data Protection Regulation (GDPR). We only work with subcontractors who are compliant with GDPR. We only store user data that is necessary for providing our services, and anonymize it wherever possible. User data is deleted when no longer needed and after a defined retention period has passed. A Data Processing Agreement (DPA) can be provided upon request.
Removing Your Data
You are free to delete your account and remove your data from Things Cloud at any time. This can be done from within the Things Cloud account settings on your Mac, iPad, or iPhone. More on account management can be found via the links at the bottom of this page.
We have a singular intention with Things Cloud: to provide a fast, reliable and secure service to our customers. If you have any questions or concerns about the security or privacy of your data, you are welcome to contact us at any time.