VaultMe Security Practices
Migrate your accounts safely with VaultMe
VaultMe employs enterprise-grade security practices and leverages industry-leading technologies to protect user content.
We keep security at the heart of our product, infrastructure, and company policies. Individual users and administrators worldwide trust VaultMe to safely migrate their email, content, and essential information to wherever they want to go.
Applications and Infrastructure
All of VaultMe's servers are hosted by Amazon Web Services (AWS) in the United States. All components that process user data operate within VaultMe's private network within AWS. Only a small number of VaultMe's servers, protected behind AWS load balancers and AWS firewalls, are accessible from the Internet. AWS is an industry-leading infrastructure provider, certified as compliant with ISO 27001, and has received a SOC 2 (Type II) report.
Data Encryption
Connections between the VaultMe backend infrastructure, the VaultMe web app, and the APIs and interfaces of Google, Microsoft, and other third-party providers are protected by up-to-date encryption protocols (including SSL) while maintaining compatibility with the different cipher suites that various platforms support. All data storage and databases are encrypted at rest using AES-256.
Product Security
VaultMe uses secure, industry-leading services to manage roles and access policies, certificates, encryption keys and secrets, firewalls, network access lists, and log collection and monitoring. Our security and platform team performs regular check-ins with development teams and all code is thoroughly reviewed and checked through a version control system. We automatically scan our applications and libraries for known vulnerabilities and apply fixes promptly.
Customer Data Policy
VaultMe does not sell or rent user data to any third party. For more information, please review our Privacy Policy. Additionally, VaultMe has a set of policies and technical controls that prevent employees from accessing customer data that is stored or processed by VaultMe systems. Where appropriate, VaultMe uses private keys and restricts network access to particular employees. VaultMe permanently and irrevocably auto-deletes all migration content (email, files, etc.) after the completion of each migration.
User Account Authorization
Wherever possible, VaultMe's backend infrastructure securely connects to each individual user's email account via OAuth 2.0, the industry-standard, ultra-secure protocol for authorization. Where not possible to use OAuth 2.0, VaultMe captures account authentication information in a fully-encrypted manner, which is permanently and securely destroyed after the completion of the user's migration.
Employee Practices
To access any of VaultMe's internal systems, employees must authenticate with mandatory 2-factor authentication. We regularly review employees' access to the systems that hold or process customer data and revoke access for employees who no longer require it to do their work.
Compliance
VaultMe complies with the California Consumer Privacy Act (CCPA) regarding collecting, using, and retaining California residents' personal information. VaultMe also complies with the EU General Data Protection Regulation (GDPR) regarding collecting, using, and retaining personal information transferred from the European Union to the United States. For more details, see VaultMe's Privacy Policy.
Third-Party Validation
VaultMe is certified annually by Google to access the sensitive account information of Google account holders.
We employ Leviathan Security Group, Inc., a globally-recognized leader in information security, as our third-party security assessor to perform security assessments and policy and procedures audits.
We also offer a bug bounty program as an additional measure of safety to reward external security researchers in the rare instance they identify a potential security concern. Our team responds rapidly to all submissions and resolves any issues before they can be exploited.
We reward everyone who helps us keep VaultMe safe
Our customers' security is our top priority. We have a bug bounty program to reward those who find any new areas of vulnerability.
Get going with VaultMe! Setup is free and easy
With VaultMe, you can safely and quickly migrate your content between Google, Microsoft, and other email platforms with ease. VaultMe's online setup is free and only takes a minute or two. You'll be able to confirm that your email accounts work, see what content will migrate, how long the auto-migration will take, and precisely what your migration will cost.