Security and Privacy
Wristband is designed to keep your data safe and secure.
At Wristband, safeguarding your data is our first priority. We engineer security into every architectural layer, delivering the enterprise-grade protection, privacy, and compliance modern businesses require.
Encryption at Rest
All data stored by Wristband is encrypted at rest using industry-standard AES-256 encryption.
Encryption in Transit
All network traffic is encrypted end-to-end using Transport Layer Security (TLS).
Secrets Management
Passwords and client secrets are secured using Argon2 cryptographic hashing. Secrets from external identity providers—such as private keys, tokens, and client secrets—are encrypted at the application layer.
Signing Key Management
Each Wristband application uses its own dedicated set of JSON Web Token (JWT) signing keys to keep signing keys isolated across applications. Private signing keys are encrypted at the application layer, and customers can rotate their keys at any time.
API Security & Architecture
-
Continuous Token Validation: Access tokens are verified for every API call across both internal and external endpoints.
-
Encrypted Network Traffic: Internal service-to-service communication uses HTTPS.
-
Granular Access Control: Every incoming request goes through fine-grained permission checks to enforce zero-trust authorization.
-
Standards-Based Authentication: Wristband authentication APIs align with OpenID Connect (OIDC) and follow best practices from the OAuth 2.1 specification.
-
SOC 2 Type II Compliance: Wristband achieved SOC 2 Type II compliance in 2025. Visit the Wristband trust center to request the full SOC 2 report. Access requires signing an NDA with Wristband.
Data Privacy & Control
Your data belongs to you. Wristband does not sell personal information to third parties and supports requests for data retrieval and deletion.
- No Data Monetization: Wristband does not sell personal information to third parties.
- Data Lifecycle Control: Wristband honors requests for data retrieval and deletion.
- Data Inquiries: Contact support for data-related questions or compliance requests.
Need the full report?Visit our Trust Center to request a copy. A standard NDA with Wristband is required.