3.5. Data encryption at rest and in motion
In Fluix, data is encrypted at all stages:
1) Transfer from third-party online storage to AWS
Secure data transfer from third-party online storage generally depends on the third-party server configuration. From the Fluix side, we recommend using HTTPS with the TLS 1.2 cryptographic protocol. All major cloud storage services supported by Fluix use TLS 1.2 as well.
When files are uploaded using a web browser, Fluix requires the browser to support the TLS 1.2 cryptographic protocol. See the Security White Paper for the list of cipher suites.
2) At rest in AWS
Data at rest in AWS is encrypted using AES-256, both on the database server and in AWS S3 object storage.
3) Transfer from AWS to the user application
The Fluix application, similarly to the web browser, uses HTTPS with TLS 1.2 to connect to Fluix (AWS).
4) At rest in user application
The iOS version of Fluix leverages Apple iOS Data Protection. All data within the Fluix app is constantly encrypted using the AES-256 cipher. Following the principle of least privilege, the application assigns different protection classes to files, ranging from Protected Until First User Authentication (similar properties to desktop full-volume encryption) to Complete Protection (encrypting data within 10 seconds after the device is locked). See the Platform Security Guide for details.
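For the in-transit stages (1 and 3), an administrator can check that an endpoint, such as a third-party storage server, negotiates TLS 1.2 or newer. The following is an added example, not Fluix code; the function names and the sample handshake results are assumptions constructed for illustration.

```python
import socket
import ssl

# Order of the version strings returned by SSLSocket.version().
_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}


def tls12_client_context() -> ssl.SSLContext:
    """Client context that verifies certificates and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def meets_floor(negotiated) -> bool:
    """True if the negotiated protocol is TLS 1.2 or newer."""
    return _RANK.get(negotiated or "", -1) >= _RANK["TLSv1.2"]


def probe(host: str, port: int = 443, timeout: float = 5.0):
    """Handshake with host and return (protocol version, cipher suite name)."""
    ctx = tls12_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


def check_endpoint(host: str, port: int = 443, probe=probe) -> dict:
    """Report whether host completes a verified handshake at TLS 1.2+.

    `probe` is injectable so the check can be exercised without a network.
    """
    try:
        version, cipher = probe(host, port)
    except (ssl.SSLError, OSError) as exc:
        # Covers servers limited to older protocols, bad certificates, timeouts.
        return {"host": host, "ok": False, "detail": f"handshake failed: {exc}"}
    return {"host": host, "ok": meets_floor(version), "detail": f"{version} {cipher}"}


if __name__ == "__main__":
    # Constructed handshake results (not real measurements) for an offline run.
    constructed = {"storage.example": ("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"),
                   "legacy.example": ("TLSv1.1", "AES256-SHA")}
    for name in constructed:
        print(check_endpoint(name, probe=lambda h, p: constructed[h]))
```

Calling `check_endpoint("host.name")` with the default `probe` performs a live handshake; a server that cannot offer TLS 1.2 or newer, or that presents an untrusted certificate, is reported as a handshake failure.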