Data security ensures only authorized entities have access to your data. We employ a “deny by default” security model, using role-based access controls, and assume no user should have access to your data unless you explicitly grant it. Even we do not have access to your data unless given permission by role. When you use the industry-standard security protocols our systems provide, you can remain confident that only those specified have access. There are no exceptions.
JesusSaves ensures your data is secure via the following policies:
Deny by default
Every entity (user/process/workflow) is authenticated using a secure cryptographic key that identifies it. This key is then used to request access to a given system based on the entity’s membership in a role. A role has explicit permissions granted to its members. Unless a user is both authenticated and authorized to access your data, they will be denied.
Encryption at rest
All data is encrypted before it is stored on disk. The decryption keys for this data are kept on your devices, and prevent anybody other than you from accessing it. This gives you complete control over who you share your data with.
Encryption during transit
All data is transmitted between devices using transport layer security (TLS) secured by certificates (commonly seen as “https” in your browser). This mechanism ensures only you and the machine you’re using have access to the data. No one in between can “listen” or capture your exchange.
On-premises physical devices
For solutions that require local devices, your data is as secure as your physical location. Only the people allowed in your building will have physical access to your devices, and if/when the devices are removed from the location, whoever holds them will not have the means to decrypt the data (see “Encryption at rest” above).