Security and Privacy
Wristband is designed to keep your data safe and secure.
Encryption at Rest
All data that Wristband stores is encrypted at rest using AES-256.
Encryption in Transit
All Wristband network traffic is encrypted, end-to-end, using Transport Layer Security (TLS).
Handling of Secrets
All passwords and client secrets managed by Wristband are hashed using Argon2. Any secrets from external identity providers, such as private keys, tokens, and client secrets, are encrypted at the application layer.
Handling of Signing Keys
For signing JWTs, such as access tokens, each Wristband application has a unique set of keys that are distinct from all other applications. Wristband customers can rotate these signing keys at their discretion. The private signing keys are encrypted at the application layer.
API Security
We validate access tokens for every API call (both internal and external). All internal service calls are made over HTTPS (end-to-end). Fine-grained permission checks are enforced for all incoming API calls.
Industry Standards
Our authentication APIs align with the OpenID Connect (OIDC) standard and adhere to the best practices established in the OAuth 2.1 specification.
SOC 2 Type II Compliance
Wristband achieved SOC 2 Type II compliance in 2025. Visit our trust center page, where you can download a SOC 3 report, a publicly available summary of our SOC 2 Type II audit. You can also request a full SOC 2 report from our team, which will require you to sign an NDA with Wristband.
Privacy
We strongly believe the data you put into our system is yours! All personal data remains within our system and is not sold to third parties. We honor all requests for data retrieval and deletion. Please reach out to support for any data inquiries.