We realize that email contains your most personal and private data, so we take the security and privacy of our users’ data extremely seriously.
By design, we limit the information that is held on our servers. Your email never resides on our servers, except for the moment that we send your Sane RemindMe email back to you (and even then we try to measure in seconds the time that any one email is on our disks).
Also by design, SaneBox acts as a client, so if our service should be down for a minute or two (we shoot for five nines, 99.999%, of uptime), your email will continue to be delivered to your Inbox. The only side effect of our being down would be that your unimportant email will linger in your Inbox, mocking you.
We approach security as four layers. Each layer, while as impervious as we can make it, is backstopped by the other layers.
We colocate with CDW in hardened facilities in secure racks. CDW’s high-tech data centers deliver hosted applications, colocation and managed services. The data centers are housed in nondescript facilities and have extensive setback and military grade perimeter control as well as other natural boundary protection.
Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems and other electronic means.
CDW’s facilities use high resolution cameras with video analytics and other systems to detect and track intruders. Additional security controls such as thermal imaging cameras, perimeter fences and biometrics may be used when necessary.
Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All consultants and visitors are required to present identification and are signed in and continually escorted by authorized staff. CDW only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, their access is immediately revoked, even if they continue to be an employee of CDW. All physical and electronic access to data centers by CDW employees is logged and audited routinely.
CDW’s clusters are architected with resiliency and redundancy in mind. This helps in minimizing single points of failure and the impact of common equipment failures and environmental risks. Dual circuits, switches, networks and other necessary devices are utilized to provide redundancy. To support CDW’s continuous and 24x7 operations, a primary and alternate power source with equal capacity is provided for every critical component. Air cooling maintains a constant operating temperature for servers and other computing hardware. Cooling prevents overheating and reduces the possibility of service outage.
The application software and application database are backed up daily to ensure recoverability in the event of system failure. Backup files are stored securely on read-only media and secured such that access is limited to appropriate personnel only. Backup files never leave the data center.
The service and database machines do not accept any connections from the public internet. A user must establish a VPN connection to our private network. A VPN uses data encryption and other security mechanisms to prevent unauthorized users from accessing data.
This channel is a temporary direct session and is commonly referred to as tunneling.
The user is required to provide individual cryptographically strong SSH keys to gain access to a bastion host. The bastion host is a powerful server with improved security measures and custom software. It undergoes regular maintenance and audit.
SSH is a ubiquitous protocol that provides authentication, encryption and data integrity to secure network communications. It offers encrypted connections for a variety of purposes, including logging into remote machines, transferring files, setting up encrypted tunnels and more. Bastion hosts are specifically built systems that are designed and configured to protect the management plane of the cloud.
Once connected to the bastion host, the user has to provide SSH keys to gain access to one of the service machines. All such access is logged and routinely audited. Finally, all data on the server is secured with bank-quality encryption.
Your email is never resident on our servers. Our software cannot see the content of your emails, since the body of your emails never touches our servers. Your email authentication credentials are bank-quality encrypted via industry best practices. Currently this means that they are encrypted with Blowfish in CBC mode using a cryptographically secure random 8-byte initialization vector. Your SaneBox password is also hashed in the database using industry best practices. Currently this means that it is salted and hashed using 500 iterations of SHA256 via the NIST-approved PBKDF2 algorithm. An industrial-strength passcode must be entered to even start up the software. This means that someone could walk off with the entire database and the entire code base and still not get access to a single authentication credential. This master startup passcode is known to only a few trusted employees.
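The following is an added illustration, not SaneBox’s own code, of the salted PBKDF2-SHA256 password hashing described above, using only the Python standard library. The record format (`pbkdf2_sha256$iterations$salt$hash`), the 16-byte salt length and the constant-time verification are assumptions for the example; the iteration count is the page’s stated 500 and is stored in the record so it can be raised later without breaking existing hashes.

```python
import hashlib
import hmac
import os

# Parameters as stated on the page: salted PBKDF2 with SHA-256, 500 iterations.
# Salt length, derived-key length and record layout are assumptions for this example.
HASH_NAME = "sha256"
ITERATIONS = 500
SALT_BYTES = 16
DKLEN = 32


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations, dklen=DKLEN)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Recompute the hash from the record's own parameters and compare in constant time."""
    try:
        algo, iters, salt_hex, dk_hex = record.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record: never treat as a match
    if algo != f"pbkdf2_{HASH_NAME}" or iterations < 1 or not salt:
        return False
    actual = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations, dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def needs_rehash(record, iterations=ITERATIONS):
    """True when a stored record uses fewer iterations than the current policy."""
    try:
        _algo, iters, _salt, _dk = record.split("$")
        return int(iters) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec))  # True
    print(verify_password("wrong password", rec))                # False
```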
SaneBox identifies the important emails in your email inbox. The servers that calculate the importance of your emails and label them are unavailable for inbound connections from the public internet. The calculation of importance is done by an algorithmic engine. Only the engine looks at the headers of your emails and your social network connections, not people. Our engineers work on the algorithmic engine, not the email.
SaneBox Inc. maintains a detailed internal security policy issued to all employees and reviewed frequently. The employees are required to conduct themselves in a manner consistent with the policy. We only hire people who come highly recommended and referred by our trusted contacts. Prior to hire, we will verify an individual’s education and previous employment, and perform extensive reference checks.
Employees are provided with security training as part of new hire orientation. SaneBox provides confidential reporting mechanisms to ensure that employees can anonymously report any ethics violation they may witness. Hence, only the most vetted subset of our trusted employees has access to that final encryption key.
Privacy and security are the top priorities in any business decision. When faced with a choice to offer a valuable feature that would even marginally increase the security and privacy risk, it is our company policy to not move forward with that feature. We spend time each month looking for ways to secure the system further.
Always remember that someone could look over your shoulder someday while you type your password. Or someone could trick you into clicking on a phishing email and entering your credentials on a phishing site. You should always be as careful as SaneBox!