Our application now provides end-to-end encryption of all user data, ensuring robust protection across mobile and desktop environments. This security enhancement includes encryption of all application data and prevents straightforward extraction of workflow assets on both platforms.
We’ve implemented several layers of encryption to secure user data effectively:
File Encryption at Rest: All files are encrypted on the device and only decrypted temporarily in memory when needed. This ensures data remains protected while stored.
Device-Specific Access: Encrypted files can only be accessed by the device that encrypted them, preventing data leaks if files are transferred to another device.
Secure Key Storage: Encryption keys are stored securely using the device's encrypted KeyStore.
Windows-Specific Protections: On Windows, encryption keys are saved using a combination of Windows standard encrypted folders, adding another layer of protection.
While our encryption solution is strong, it’s important to understand its current boundaries:
Memory Access During Use: Data is not encrypted in memory. If an attacker gains access to a device while it is in use, they could potentially read unencrypted data from memory.
Temporary File Vulnerabilities: Some unencrypted temporary files (e.g., for viewing documents or playing media) may be created during use. These are deleted after use but could be accessed if the device is compromised before they are deleted.
File Name Visibility: File names and extensions are not obfuscated, meaning someone could infer the content type from the file name.
Tampered App Risk: A malicious version of the app could potentially bypass encryption. Always ensure the app is downloaded from official sources.
Here are some known scenarios that could pose a risk despite encryption:
Physical Memory Access: An attacker physically accessing a device in use could retrieve unencrypted data from RAM.
Intercepting Temporary Files: Unencrypted temporary files could be extracted if an attacker accesses the device before they’re deleted.
Windows Key Storage Vulnerability: On Windows, an attacker could attempt to decrypt the stored encryption key.
Tampered App Installations: Unauthorized versions of the app could disable or bypass encryption entirely.
This encryption feature is not optional: every customer benefits from it, and there is no permission to enable or disable encryption manually.
No obfuscation of encrypted files is necessary.