Our Technology

Built on a foundation of privacy

Privacy and security are the guiding principles behind everything we build. Our technology is designed to provide our customers with the highest level of protection and privacy over their information. 

 

The 4Privacy Engine

The 4Privacy Engine (4PE) is an end-to-end encryption platform that lets the owner of data easily protect and share it while staying in control of who can use it and when. This creates zero-trust and zero-knowledge for any data that needs to be protected and shared. End-to-end encryption protects the data no matter where it goes or is stored.

The 4PE protects data through its entire life cycle, including while in use. It does not matter if the data is stored in the cloud, included in an email, or stored on a device. It does not matter if the cloud storage is hacked or leaked, or a device is lost or stolen. This empowers any product or service to give their customers ownership and control of their data with end-to-end protection and easy sharing.

4PE consists of a small SDK and API that can easily be included in other products and services to enable digital ownership (protection and control) of their customers’ data. The API can use our public cloud or be deployed in a private cloud, on-prem, or as a hybrid. The SDK supports Swift, Kotlin, Java, Dart/Flutter, C++, Node.js, and Electron.

The 4PE combines:

  • End-to-End Encryption – Data is encrypted with AES-256 (the highest standard) on user devices and protected in transit and at rest, regardless of what the infrastructure or services may do with the data.
  • Private Keys – You and only you hold the keys to your data. Even when sharing data, the keys are never accessible by 4Privacy or any other service provider.
  • Forward Secrecy – Keys are shared only with those who have been granted access. The moment access is revoked, the keys change. This prevents future access through a method called key displacement.
  • Persisted Encrypted Content – Achieves forward secrecy without storing content on-device. When a user is added to a group, they can see what was shared before they joined. But if they leave or are removed from the group, they can no longer access any content.
  • Data Protected In-Use – Decrypted content is kept only in memory and only as long as needed. When decrypted content is displayed, a visible watermark with the viewer’s identity appears to deter unwanted sharing. While we understand the analog-hole challenge makes the existence of any complete solution difficult, we are continuing to innovate on technology to reach the goal of giving digital ownership and control to all people.
  • Containerization – All data in the container, including user-added files, messages, content metadata, and audit activity, is encrypted with a unique and random container key. These keys are changed via key displacement to produce forward secrecy for the data in the container.
  • Hierarchical Keys and Roles – Account owners can control and access all data. Members can only access data that the account owner authorizes.
  • Identity with Multi-factor, Password-less Authentication – Entry into the system requires something you have (a device) and something you know (a 4-digit PIN). The PIN is never stored locally on the device. The user has 5 attempts before being locked out, at which point they would need their recovery key to regain access.
  • No Use of Phone Numbers – Our system does not use phone numbers for registration or multi-factor authentication due to known vulnerabilities of SMS and how carriers transport and store text.
  • Audit Logs – Data owners maintain visibility into who has accessed their documents, at what time, and which actions (of those that were permitted) they performed (e.g., viewing, printing, exporting).
  • Distributed and Federated Services – The 4Privacy engine is designed to allow diverse storage locations and preferences.
  • Zero-Knowledge Content – All of your content on 4Privacy is zero-knowledge, meaning only you and those you allow can access your data. No outside parties, including 4Privacy, can ever see your information, documents or messages.
  • SOC 2 (in progress) – 4Privacy is in the process of undergoing a Type II Service Organization Control 2 (SOC 2) examination. Upon the conclusion of this examination, an independent CPA report and certification will be issued. The SOC 2 Type II report provides assurance that 4Privacy has established, and continues to follow, strict information security policies and procedures. This certification also provides independent, third-party verification that 4Privacy’s operations meet or exceed defined levels of processes and controls for security of consumer data.
  • 3rd Party Validation – 4Privacy will be getting 3rd-party expert review of our code and pen testing. We welcome experts who can contribute to the review and testing process.

All platforms use our 4Privacy Engine, which is a C++ compiled library that uses OpenSSL1.1g for cryptographic functions.

You can find more information about our code roadmap on our GitHub. Code will be made available after review by our advisory team.

If you are a security expert or security tester and want to participate in the interim review process, please contact us here.