Security and Privacy

We take the following measures within our platform to keep your data secure.

Encryption at Rest

All data stored by Wristband is encrypted at the storage layer with AES-256, the Advanced Encryption Standard (AES) with a 256-bit key.

Encryption in Transit

All Wristband traffic is encrypted in transit using Transport Layer Security (TLS).

Handling of Secrets

All passwords and client secrets created under the Wristband identity provider are hashed with Argon2, so the plaintext is never stored and a credential can only be verified, not recovered. Client secrets can also be rotated on a periodic basis. Secrets from external identity providers, such as private keys and client secrets, have to be presented to that provider, so they are stored encrypted rather than hashed.

Handling of Signing Keys

All Wristband signing keys used to sign JWTs (such as access and refresh tokens) are stored encrypted. Each application in Wristband has its own set of signing keys, separate from every other application, so a key belonging to one application can never validate a token issued for another. Signing keys can also be rotated on a periodic basis.

API Security

Access tokens are validated on every API call, internal as well as external: a request is not trusted just because it originates inside our own network. All internal service calls are made over HTTPS, end to end, and fine-grained permissions are enforced on every incoming API call.
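The two sections above describe per-application signing keys that rotate and an access-token check on every API call. The following is an added example, not Wristband's code, of how those pieces fit together on the verifying side: a key set that keeps earlier kids accepted while they still have live tokens, an algorithm pin, signature-before-claims ordering, and a permission check. Everything specific in it is assumed for illustration: it uses HS256 over `hmac` so it runs with the standard library alone (an identity provider whose tokens are verified by third parties would use RS256 or ES256, but the kid, rotation and claim logic are the same), and the `perms` claim name, the issuer and audience strings and the kid labels are invented.

```python
"""Added example, not Wristband's code: one application's signing key set with
kid-based rotation, and the check an API runs on every call. Assumed for
illustration: HS256 over hmac (an IdP would use RS256/ES256; kid, rotation and
claim logic are identical), the "perms" claim name, issuer, audience and kids."""
import base64, hashlib, hmac, json, secrets


def _b64(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


class KeySet:
    """The active kid signs new tokens; earlier kids stay accepted until every
    token they signed has expired, so a rotation never breaks live sessions."""

    def __init__(self) -> None:
        self.keys, self.active = {}, None          # kid -> 256-bit HMAC key

    def rotate(self, kid: str) -> None:
        self.keys[kid] = secrets.token_bytes(32)
        self.active = kid

    def sign(self, claims: dict) -> str:
        header = {"alg": "HS256", "kid": self.active}
        signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
        sig = hmac.new(self.keys[self.active], signing_input.encode(), hashlib.sha256).digest()
        return signing_input + "." + _b64(sig)

    def verify(self, token: str, iss: str, aud: str, perm: str, now: int) -> dict:
        """Per-call check: pinned alg, key by kid, signature, then issuer,
        audience, expiry and the permission the endpoint needs. Raises ValueError."""
        try:
            h_b64, c_b64, s_b64 = token.split(".")
            header = json.loads(_unb64(h_b64))
        except ValueError:
            raise ValueError("malformed token") from None
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise ValueError("unsupported alg")    # rejects alg=none and key-confusion tricks
        key = self.keys.get(header.get("kid"))
        if key is None:
            raise ValueError("unknown kid")
        expected = hmac.new(key, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(s_b64)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(c_b64))           # trusted only from here on
        if not isinstance(claims, dict) or claims.get("iss") != iss or claims.get("aud") != aud:
            raise ValueError("wrong issuer or audience")
        if now >= claims.get("exp", 0):
            raise ValueError("token expired")
        if perm not in claims.get("perms", []):
            raise ValueError(f"permission denied: {perm}")
        return claims


def demo() -> dict:
    now = 1_700_000_000                                     # fixed clock
    iss, aud = "https://auth.example.test", "api://orders"  # assumed values

    def issue(ks, perms):
        return ks.sign({"iss": iss, "aud": aud, "exp": now + 3600, "perms": perms})

    def check(ks, tok, perm, at=now):
        try:
            ks.verify(tok, iss, aud, perm, at)
            return "ok"
        except ValueError as e:
            return str(e)

    app, other = KeySet(), KeySet()
    app.rotate("2024-01")
    old = issue(app, ["users:read"])
    app.rotate("2024-07")                                   # 2024-01 remains verifiable
    new = issue(app, ["users:read", "users:write"])
    other.rotate("2024-07")                                 # a second application, same kid
    foreign = issue(other, ["users:read"])
    h, c, s = new.split(".")
    # Two forgeries: richer claims under the real signature, and alg=none.
    richer = json.dumps({"iss": iss, "aud": aud, "exp": now + 3600, "perms": ["users:delete"]})
    forged = h + "." + _b64(richer.encode()) + "." + s
    none_alg = _b64(b'{"alg":"none","kid":"2024-07"}') + "." + c + "."
    return {
        "previous key after rotation": check(app, old, "users:read"),
        "active key, permission granted": check(app, new, "users:write"),
        "active key, permission missing": check(app, new, "users:delete"),
        "forged claims": check(app, forged, "users:delete"),
        "alg=none": check(app, none_alg, "users:read"),
        "other application's token": check(app, foreign, "users:read"),
        "expired": check(app, new, "users:read", now + 7200),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:32} {verdict}")
```

Two details carry over unchanged to an asymmetric setup: the old kid is only dropped from the set once the longest-lived token it signed has expired, and the verifier reads nothing from the claims until the signature under the kid-selected key has been checked. With RS256 or ES256 the verifying service holds only the application's public keys (typically fetched from a JWKS endpoint), which is what makes a per-application key set safe to distribute.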

Industry Standards

Our authentication APIs align with the OpenID Connect (OIDC) standard and adhere to the best practices consolidated in the OAuth 2.1 specification (an IETF draft that folds OAuth 2.0 security best current practice into the core spec, for example PKCE for all authorization-code clients and no implicit grant).

SOC 2 Compliance

We are currently working towards a SOC 2 Type II report. Once the audit is complete, we will update this section and make the report available.

Privacy

We strongly believe the data you put into our system is yours! All personal data stays within our system and does not get sold to third parties. We honor all requests for data retrieval and deletion. Please reach out to support for any data inquiries.