Security & Privacy

They’re built into your Personal Data Vault.


Personal doesn’t store your password

Only you know it. Only you have the key to unlock your encrypted data and files. For extra protection, your password is hashed using bcrypt with salting and stretching.

Important: If you forget your password, you’ll need to reset it, which will delete all your encrypted information.


256-bit AES encryption and RSA 2048     asymmetric key encryption

Default 128-bit SSL encryption with     forward secrecy

Bcrypt with salting and stretching for     passwords

Rackspace

Your data and files

Your sensitive data and all your files are encrypted while stored using 256-bit AES encryption and RSA 2048 asymmetric encryption - the same algorithms relied on by banks, the U.S. military and the U.S. government.

We protect all your information from browser to server with Secure Socket Layer encryption in a configuration that supports forward secrecy on most browsers. Just like with a bank, it prevents eavesdropping when you’re using your vault.

Don’t miss our security brief >>


Sensitive and non-sensitive information

We designate data fields as sensitive (i.e., encrypted and unsearchable) for the type of information you’d expect – usernames and passwords, financial, health, and much more – largely based on U.S. guidelines.

Look for the lock or X’s to tell you what is and isn’t encrypted. While Personal employees can technically access non-sensitive information, they only can do so in strict accordance with our Privacy Policy.


Our servers

Your data vault lives in Rackspace, which has 24/7 physical and biometric protections, in addition to firewalls, intrusion detection systems, and an array of other technological safeguards. Rackspace holds a number of certifications, including SSAE16 Type II SOC 1, SOC 2 and SOC 3 Reports, is Safe Harbor certified, and is PCI compliant.

Our systems

The security of our networks is monitored and verified by Verisign and Geotrust. We also have certified “Ethical Hackers” and “Penetration Testers” on staff who constantly monitor for potential threats and vulnerabilities.

Our business model

Most companies have security vulnerabilities built in because their business depends on knowing, using and monetizing your information, which can open holes from the outset. At Personal, we don’t need to know or use your data and files stored in your vault, and we’ve purposely cut off access to your sensitive data and all your files, which are encrypted even to us. Instead, our model is centered around giving you exclusive control over the data in your vault.

You control your data

Only you can share the information in your vault. You can also export and permanently delete it at any time. Except for our trusted service providers, we don’t allow untrusted third parties to track you while you’re on Personal, we don’t allow third-party tracking in your vault, and we don’t track you after you leave our site or our native mobile apps.

Privacy by Design

Personal is the first consumer-facing online company to be named an ambassador for Privacy by Design, and we have two individual Privacy by Design ambassadors on staff. We received these recognitions because of our technology and business practices that put you in control of what you store and share.

Learn more about the Privacy by Design Program >>

See the Privacy by Design report >>


We need your help to protect your vault. Here are a few best practices:

  • Pick a strong password using a combination of capital and lower case letters, numbers and special symbols. Don’t forget it and don’t compromise it.
  • Use a unique password for Personal that you don’t use for other sites.
  • Change your password regularly.
  • Share information only with those you trust, and avoid clicking links or opening files you receive from those you don’t know.
  • Keep your computer and browser software current with security updates.
  • Contact Personal immediately at security AT personal.com if your password has been stolen or compromised or if you believe there’s been unauthorized activity in your account. Change your password immediately.


You will be logged off in seconds. Do you want to continue your session?