How does PreVeil protect my data?
PreVeil uses end-to-end encryption to protect data. That means that every document or message is encrypted before it leaves your computer or phone, and it isn’t decrypted until it reaches another user’s device (or your own if you’re sharing a file across multiple devices). Everything between the two devices, including the servers in the cloud, never have access to unencrypted data.
Each document or message is encrypted with its own unique key. Keys are never reused. These document or message keys are themselves encrypted with a user’s private key. The user’s private key is stored only on a user’s computer or phone. So when a user accesses a document or message, the system retrieves the encrypted document from the server as well as the encrypted key to that document. It then uses the user’s private key to decrypt the document key, and then the document key is used to decrypt the document.
All of this key management happens automatically. The only time a user has to know about keys is when they add a new phone or computer to the PreVeil system, at which time the user’s private key must be transferred to the new device.
A user can also set up a “Recovery Group” in case they lose all of their phones and computers. A Recovery Group is a set of friends and colleagues to call upon in the unlikely event that all devices are lost. The user defines as many people as they want in this group and specifies the minimum number of people that have to approve a key recovery (i.e. 3 out of 5 friends).
The purpose of all this end-to-end encryption is to protect user data even if an attacker is able to get into the server and look at the files there. In such a case, an attacker would only see encrypted messages and encrypted keys – all of which appears to be gibberish.
Contact
Have questions or concerns about PreVeil's services, security, or privacy policies? Contact us at support@preveil.com.