How secure is my data with Applozic? What level of security does Applozic Chat SDK provide?

by Satadeep Biswas

We would like to make two things clear. First, we respect your privacy and take significant efforts to protect all your data. Second, we would never do anything with your data that we wouldn’t be proud to tell the world about.

The summarised list shown below are some of the key ways that Applozic messaging service has been designed and developed to better protect your data:

  • AES-256 (data at rest) and SSL/TLS (data in transit) to encrypt and protect, stored information. Network traffic encrypted using SSL/SSH
  • Password data stored in a one-way salted hash.
  • FIPS-approved encryption algorithms and implementations.
  • Servers hosted in a highly secure AWS servers with multiple third-party certifications.
  • Strong authentication mechanisms for remote access through two-factor authentication.

Security Architecture Design:

User Sign In - Users are authenticated when they sign in to your application using their password. The password is used to send an authentication hash via SSL to the Applozic server for authentication. Two-factor authentication can also be setup on the client-level by sending a one-time password to supporting applications.

Data in Transit - All application traffic occurs over SSL/TLS, and all network traffic is encrypted via SSL/SSH. All communication between the user’s device and Applozic is further encrypted at all times using SSL/TLS as an automated layer of data protection.

HTTPS Transport Security - The Applozic platform connects over HTTPS, such that if someone manually edited the URL to start with http://, they would be redirected to an https:// URL. This prevents SSLstripping attacks in the event that a user connects to Applozic from an untrusted network.

Cookie Attributes - All authentication cookies use the “secure” flag as well as the http-only flag. This ensures that cookies are only sent over secured connections and that the cookies cannot be accessed over non-HTTP(S) methods.

Dedicated Server Deployment:

We also have the capability to deploy the chat servers and database on your cloud servers or on-premise infrastructure, in case you have certain specific security protocols that you need to comply, for e.g. HIPAA compliance etc.

Read More about dedicated server deployment here.


How Did We Do?