Security Practices

All user data and app communication from/to our servers is encrypted in transit via Secure Sockets Layer (SSL)/Transport Layer Security (TLS).

We force secure transport protocol HTTPS by redirecting all HTTP requests to HTTPS. Our app servers accept only HTTP requests sent over HTTPS.

We use HTTP Strict Transport Security (HSTS) to ensure that browsers interact with Deskfirst only over HTTPS.

User files are stored on Amazon S3 and are encrypted at rest using 256-bit Advanced Encryption Standard (AES-256).

User authentication flows (sign-ups/logins, excluding shareable links) are processed by Auth0. We do not store user login passwords or their hashes on our servers. Hashed user login passwords are stored and managed by Auth0. See Auth0 Security, Privacy & Compliance.

Any request to private web desktops, user files, and user data, undergo access permissions testing to validate that the requester has sufficient permissions to make the request.

All customer payments are processed by Stripe. See how Stripe handles security.