Only you know it. Only you have the key to unlock your encrypted data and files. For extra protection, your password is hashed using bcrypt with salting and stretching.
Important: If you forget your password, you’ll need to reset it, which will delete all your encrypted information.
256-bit AES encryption and RSA 2048 asymmetric key encryption
Default 128-bit SSL encryption with forward secrecy
Bcrypt with salting and stretching for passwords
Your sensitive data and all your files are encrypted while stored using 256-bit AES encryption and RSA 2048 asymmetric encryption - the same algorithms relied on by banks, the U.S. military and the U.S. government.
We protect all your information from browser to server with Secure Socket Layer encryption in a configuration that supports forward secrecy on most browsers. Just like with a bank, it prevents eavesdropping when you’re using your vault.
We designate data fields as sensitive (i.e., encrypted and unsearchable) for the type of information you’d expect – usernames and passwords, financial, health, and much more – largely based on U.S. guidelines.
Your data vault lives in Rackspace, which has 24/7 physical and biometric protections, in addition to firewalls, intrusion detection systems, and an array of other technological safeguards. Rackspace holds a number of certifications, including SSAE16 Type II SOC 1, SOC 2 and SOC 3 Reports, is Safe Harbor certified, and is PCI compliant.
The security of our networks is monitored and verified by Verisign and Geotrust. We also have certified “Ethical Hackers” and “Penetration Testers” on staff who constantly monitor for potential threats and vulnerabilities.
Most companies have security vulnerabilities built in because their business depends on knowing, using and monetizing your information, which can open holes from the outset. At Personal, we don’t need to know or use your data and files stored in your vault, and we’ve purposely cut off access to your sensitive data and all your files, which are encrypted even to us. Instead, our model is centered around giving you exclusive control over the data in your vault.
Only you can share the information in your vault. You can also export and permanently delete it at any time. Except for our trusted service providers, we don’t allow untrusted third parties to track you while you’re on Personal, we don’t allow third-party tracking in your vault, and we don’t track you after you leave our site or our native mobile apps.
Personal is the first consumer-facing online company to be named an ambassador for Privacy by Design, and we have two individual Privacy by Design ambassadors on staff. We received these recognitions because of our technology and business practices that put you in control of what you store and share.