SideDrawer is a SOC2 Type II certified secure document management platform used by businesses and professionals for thousands of their clients. We don't just use marketing lingo like "military grade encryption" or simply rely on the SOC2 certification of our vendors.
Our security approach extends beyond encryption to structure and processes, ensuring client data and privacy remain protected. Read more in our SOC2 press release here.
Encryption is Key
AES-256 bit Encryption: this essentially means all your data is scrambled, made unreadable and secured with a key, and is only decrypted when you need to access, transfer or give someone permission to view it.
Our Mobile and Web Applications communicate with our infrastructure over TLS 1.2 and 1.3 protocols that are industry-leading for the transfer of sensitive information.
YOU always control your data. You can grant "edit", "view only" or "no access to details" permission to your trusted advisors or loved ones. You can always see who has access to your documents and revoke permissions at any time.
Our infrastructure is entirely cloud-based with access restrictions at every level. As an organization, we never access your data. Individuals in charge of encryption key management do not have access to the encrypted data and vice versa. Regardless, we can never see your actual data as only YOU hold the decryption key.
Audit Trail and Notifications
Every time your information is modified, there is a timestamp that lets you know who did what in your SideDrawer. You will always be aware of any changes made to your SideDrawer. If you notice something unusual, simply restore your previous version and revoke the corresponding access immediately!
Using FaceID, TouchID, SMS, Email or Push Notification, you can choose the level of security desired. You can require multi-factor authentication with every login or when a new device is detected. SideDrawer always has your back!
Global privacy standards
At SideDrawer, we believe in individuals' right to privacy. Our systems are ready for compliance with global standards.
PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)
You have the right to privacy regarding your personal information. You will always be in control of what information is collected, shared and disclosed with your trusted advisors and loved ones.
HIPAA: Health Insurance Portability and Accountability Act (USA)
All information stored in your SideDrawer is protected at all times. It is encrypted while in transit, it remains encrypted while stored in our Database and File Systems, and it is only accessible by you and those you have authorized.
GDPR: General Data Protection Regulation (EU)
You have the right to know at all times what personal information is stored at SideDrawer, access such information and provide consent to SideDrawer to store your information.