SecretValet, at its core, is about Security and Privacy.
One of our core beliefs is that you have the right to personal security and privacy.
We encrypt your capsule on your personal computer before your files are uploaded to SecretValet.
Most sites that claim to encrypt your files only do it after they are uploaded.
Why does that make a difference?
Because if your files are encrypted after uploading, that means that any hacker could intercept your files as they were being uploaded. By encrypting everything before it is uploaded, files get transmitted encrypted and also saved encrypted. That is like locking the front door with an industrial lock and taking the key with you. Only you have the key and only you can unlock that door. Isn’t that the whole point?
To make sure that your information is never lost, SecretValet stores your capsule in redundant cloud storage. We place multiple copies in multiple locations separated by thousands of miles. To lose your data, the entire Cloud Storage system would need to be destroyed everywhere, nationwide.
SecretValet also works with other third party providers to employ 24/7 significant protection against network security issues such as packet sniffing, spoofing, Phishing, Distributed Denial of Service (DDoS) attacks, and Man in the Middle (MITM) attacks.
SecretValet does not sell, license, distribute, or share any information about its clients or their recipients with anyone. There. That says it all. No legalese. We just don’t do it. We believe in personal privacy and protect it to the best of our abilities at all times.
For the Security Professionals
SecretValet uses AES-256 encryption with a randomly generated 256-bit symmetric key to encrypt a capsule and then encrypts the key itself using AES-256 with a symmetric key comprised of an algorithmically generated unique key based on the secret answers submitted by the subscriber. The generation of the unique key is covered by one of the patents submitted by SecretValet.
Once the capsule is encrypted and the key to the capsule is encrypted, each of the secret answers is hashed using SHA-512. The only thing uploaded to the SecretValet servers is the already encrypted capsule, the shared questions, and the SHA-512 hash of each answer. These files are uploaded to the SecretValet servers using HTTPS SSL secured by a Class 3 EV SSL CA – G3 certificate (2.16.840.1.113718.104.22.168.6) provided by the Symantec corporation and validated by legal counsel.
After uploading from the subscriber, the local memory used to generate the keys and hashes are wiped multiple times and then released to ensure that no other processes or instances can access the information that was in the memory. We do not rely on operating system or browser cleanup to wipe the memory.
After uploading to the SecretValet Servers, the Capsule, Questions, and Hashes are encrypted yet again using SecretValet asymmetric corporate keys. For increased security, the SecretValet keys are not stored in one location on the site but rather diced and scattered throughout the site with only the running instance of the SecretValet code able to reconstruct the key. Emergency back-up keys are stored in a bank vault, encrypted with a dual asymmetric key that requires two members of the SecretValet Executive team to decrypt and retrieve the keys.