We value our customers' trust in keeping their data secure with SplashID Safe. Below are details on how we protect your information at multiple levels.
SplashID Safe applications comply with the OWASP Top 10, SANS Top 25, and CWE industry standards. Our developers are security-trained and follow a strict checklist that must be verified before every update or release.
We use tools such as Netsparker, Burp Suite, and Acunetix, together with manual exploit testing, to ensure that no vulnerabilities are missed. Security is a top priority, with a focus on preventing cross-data leakage, maintaining privacy, and ensuring strong application security.
Additional controls such as dual authentication, secret keys, and user role mapping are integrated at both the application and server levels. Every version of SplashID Safe is tested periodically and whenever code changes are made.
All requests within SplashID Safe are encrypted using 256-bit SSL connections. Each record is encrypted at both the transport and application layers. Our dedicated security team runs regular scans using Nessus, Qualys, and Nmap to identify and address any network vulnerabilities.
SplashID Safe servers are hosted on Rackspace with a multi-tier architecture. They are security-hardened, regularly scanned for malware and rootkits, and kept up to date with patches. Daily backups ensure data reliability.
Local Only Records
Cloud Services users can mark any record as Local Only. This ensures the record stays on a chosen device and does not sync to the cloud. If the record already exists on other devices or the web app, it will be removed from those locations. Users can undo the Local Only setting anytime, allowing the record to sync back to the cloud and other devices.
2-Factor Authentication
2FA adds an extra layer of protection to SplashID Safe accounts. When logging in from a new device, desktop, or browser, an additional code is required to confirm authorization. Once confirmed, the device or browser will no longer require the code for future logins.
Secure Sharing
Users can share SplashID records securely with anyone, whether they use SplashID Safe or not. Shared records are sent via a secure link that is valid for 24 hours and deleted after being viewed. Records are password-protected, and users may choose whether to include the password in the email or share it verbally for added security.
Our mission is to keep customer data private and secure. Security is an ongoing process, and we continuously evolve to counter new threats. We appreciate all feedback and reports of security concerns.
If you believe you have found a potential issue, please email us with as much detail as possible. Once validated, we will implement a fix and thank you for your assistance, including public recognition if desired.
We would like to thank the following security experts who have contributed to improving SplashID Safe’s security:
Agastya Rudroj, Aleksandr Vasilyev, Anagha, Andrea Possemato, Atulkumar Hariba Shedage, Bhaskar Borman, Blessen Thomas, Chandroliya Ravi, Clifford Trigo, Danish Tariq, Devesh Bhatt, Garry D. Bacalso, Ghanashyam Sreehari, Gineesh George, Hakimuddin Gheewala, Hardik Parekh, Hardik Tailor, Hari Krishnan, Inaki Rodriguez, Jatin Mangani, Jay Vardhan, Jeevan Dahake, Kamal Singh, Kamil Sevi, Karthickumar Ramanathapuram, Kesav Viswanath, Kiran Karnad, Lalit Kumar, Le FeOx, Lyon Yang, Manish Bhattacharya, Manish Kumar, Mathias Karlsson, Maulik Shah, Meris Bihorac, Michael Smith, Mihir Mistry, Monendra Sahu, Muhammad Talha Khan, Muhammad Waqar, Nailo Mimo, Nakul Mohan, Nilesh K, Nitin Goplani, Osama Ansari, Osama Mahmood, Osanda Malith Jayathissa, Paras Pilani, Parichay Rai, Paul Seekamp, Prayas Kulshrestha, Rafael Pablos, Ranjan Kathuria, Ravindra Singh Rathore, S Venkatesh, Sachin Kediyal, Salman Khan, Sander Van der Borght, Shpend Kurtishaj, Shubham Gupta, Siddhesh Gawde, Sriram Shyam, Stefano Ivan Stinga, Surya Subhash, Swapnil A. Thaware, Tony Trummer, Vinoth Kumar, Vishal Sonar.