Thank you for your questions!
I would like to reply as follows:
1. About the protection of password, personal profiles data and main data:
*How do you back up accumulated data? Using cloud service such as Google Cloud Platform, for example?
-- We use Amazon.
*How do you prevent viruses from attacking web programs and apps? Do you run some security programs?
-- We don't install any unnecessary programs on our server, so there are no virus problems.
*How do you build structures so that no user can gain access to others' data?
-- Every user's data is kept separate from everyone else's, so no user is able to access other users' data.
*What kind of encryption algorithm do you adopt? Using codes such as AES-256, for example?
-- We apply SHA1 and SHA512-CRYPT.
2. About the physical security of your Data Center:
*Do you have any objective certifications, for example, SOC inspection proof?
-- Sorry, we're not sure what SOC is.
*How do you regulate and train your employees to stay away from customers' data?
-- Only when both administrators (there are only two) provide their own passcode and password can they operate on the database, and the only operations they can perform are for maintenance. No one is able to access any user's data.
3. About the encryption of data transfer of webs and emails:
*What kind of protocol do you use? Do you adopt ones that are safe enough, such as HSTS and TLS?
-- We use TLS.
*What kind of encryption algorithm do you adopt? Using codes such as AES-256, for example?
-- We apply SHA1 and SHA512-CRYPT.
If you have any further questions, please feel free to contact us.
Have a nice day!
This is the question I wrote in Japanese before.
I will ask it once again in English. Excuse my poor English.
********************
1. About the protection of password, personal profiles data and main data:
*How do you back up accumulated data? Using cloud service such as Google Cloud Platform, for example?
*How do you prevent viruses from attacking web programs and apps? Do you run some security programs?
*How do you build structures so that no user can gain access to others' data?
*What kind of encryption algorithm do you adopt? Using codes such as AES-256, for example?
2. About the physical security of your Data Center:
*Do you have any objective certifications, for example, SOC inspection proof?
*How do you regulate and train your employees to stay away from customers' data?
3. About the encryption of data transfer of webs and emails:
*What kind of protocol do you use? Do you adopt ones that are safe enough, such as HSTS and TLS?
*What kind of encryption algorithm do you adopt? Using codes such as AES-256, for example?
All the above questions were written with reference to the security specifications of EVERNOTE.
Of course, I'd much appreciate your explanation of any security measures you adopt other than the above!
-
05/16/2018 02:39 #1 Doit.im
-
05/18/2018 10:35 #2 PRO
Thank you for your clear explanation. I am almost satisfied.
"SOC inspection" is one example of a business operations audit, including security assurance, that might be common in the US. (Sorry if my wording was insufficient.)
I found the following English articles in Evernote company's website and Wikipedia.
I'd be happy if you have passed any similar audit.
https://help.evernote.com/hc/en-us/articles/209005197-Is-Evernote-or-Evernote-Business-SSAE-16-compliant-
https://en.wikipedia.org/wiki/SSAE_16
https://en.wikipedia.org/wiki/Statements_on_Auditing_Standards_(United_States)
-
05/21/2018 08:12 #3 PRO
I have one more question.
I understood that you apply SHA1 as an encryption algorithm; however, do you have any plan to shift to SHA2?
-
07/19/2018 02:13 #4 Doit.im
@huizijian This will be shifted later. Thank you very much for your proposal!
Have a nice day!
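Post #3 asks whether stored password hashes will be shifted from SHA1 to SHA2, and post #4 says this will happen later. As an added example (not code from Doit.im or from anyone in this thread), the Python below shows how a service can make that shift transparently: each legacy record is verified as-is and then rehashed under the new scheme at the moment of a successful login, when the plaintext is available, so no forced password reset is needed. Assumptions: the legacy store holds unsalted hex SHA-1 digests tagged `sha1$` (the thread does not say how SHA1 is applied), the replacement is PBKDF2-HMAC-SHA512 from Python's standard library rather than the SHA512-CRYPT format named in post #1, and the record formats, `users` table and `login` helper are illustrative.

```python
import hashlib
import hmac
import os
from typing import Optional

# Iteration count for PBKDF2-HMAC-SHA512 (OWASP's 2023 guidance is 210,000).
PBKDF2_ITERATIONS = 210_000

# Hypothetical record formats (an assumption for this example):
#   legacy:  "sha1$<hex sha1 of password>"                  unsalted, fast to brute-force
#   current: "pbkdf2_sha512$<iters>$<salt hex>$<dk hex>"    salted, slow, SHA-2 based


def legacy_sha1(password: str) -> str:
    """Build a legacy-style record: a bare SHA-1 of the password, no salt."""
    return "sha1$" + hashlib.sha1(password.encode("utf-8")).hexdigest()


def pbkdf2_sha512(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Build a current-style record with PBKDF2-HMAC-SHA512 and a random 16-byte salt."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha512${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> bool:
    """Check a password against either record format using a constant-time comparison."""
    scheme, _, rest = stored.partition("$")
    if scheme == "sha1":
        candidate = hashlib.sha1(password.encode("utf-8")).hexdigest()
        return hmac.compare_digest(candidate, rest)
    if scheme == "pbkdf2_sha512":
        try:
            iters, salt_hex, dk_hex = rest.split("$")
            dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iters))
        except ValueError:
            return False  # malformed record: wrong field count, bad hex or bad integer
        return hmac.compare_digest(dk.hex(), dk_hex)
    return False  # unknown scheme: never accept


def needs_upgrade(stored: str) -> bool:
    """True when the record is still legacy or uses fewer iterations than the current policy."""
    scheme, _, rest = stored.partition("$")
    if scheme != "pbkdf2_sha512":
        return True
    iters = rest.split("$", 1)[0]
    return not iters.isdigit() or int(iters) < PBKDF2_ITERATIONS


def login(users: dict, username: str, password: str) -> bool:
    """Authenticate and, on success, silently rehash an outdated record in place.

    The old hash can only be replaced while the plaintext is in hand, which is
    why the upgrade is done during a successful login rather than in a batch job.
    """
    stored = users.get(username)
    if stored is None:
        # Burn comparable work so a missing user is not distinguishable by timing.
        pbkdf2_sha512(password, salt=b"\x00" * 16)
        return False
    if not verify(password, stored):
        return False
    if needs_upgrade(stored):
        users[username] = pbkdf2_sha512(password)
    return True


if __name__ == "__main__":
    # Constructed sample user table holding one legacy SHA-1 record.
    users = {"alice": legacy_sha1("correct horse battery staple")}
    print("wrong password accepted:", login(users, "alice", "Tr0ub4dor&3"))
    print("right password accepted:", login(users, "alice", "correct horse battery staple"))
    print("record after login starts with:", users["alice"].split("$")[0])
```

Because `needs_upgrade` also compares the iteration count against the current policy, the same login path raises the work factor for existing PBKDF2 records later on, not just for the one-time SHA1 migration; records that are never logged into again stay weak and should be expired separately.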