We take security seriously!
In today’s world, you can’t be too safe with your personal information. That’s why DirectorySpot uses a number of security measures to make sure no one except authorized users get access to your information.
All contact and user information is stored in a database on a remote server which is hosted in AWS, and secured behind a firewall. DirectorySpot does not contain any personal information when initially downloaded from either app store. In order to access the directory data, a valid user must authenticate within the app which makes secure TLS calls against the remote server to perform the authentication. Once a successful authentication has been achieved, the app will then download an encrypted version of the directory to the device which is cached for offline viewing and speed. By not allowing the database to download prior to a successful authentication we ensure that only a device belonging to an authorized user will ever have access to the directory, and only the directory that user has access to will be downloaded to that device.
All traffic between the mobile phone and the remote server is encrypted and secured using TLS. All user passwords are hashed and cannot be reverse engineered or viewed even by our administration team. We can allow people to change their passwords but we cannot retrieve their passwords.
User access is controlled through a web interface on our remote server. This allows a user’s access to be added or revoked in real time. The mobile app regularly checks in with the remote server and will deny a user access if it has been revoked on the central server.
All directory data, files, and backups are encrypted at rest.