Privacy and Security
“We have a security-first mindset which applies to everything we do at Prisidio. We realize that you’re entrusting us with your most important and sensitive information and we take that responsibility seriously.”
Glenn Shimkus, Co-founder & CEO
At Prisidio, your privacy and the security of your data are our highest priorities. From the team we’ve built to the measures we take to protect your data, we are committed to providing you with a safe and secure platform to store and share your sensitive documents and information.
Please read further to learn more about our approach to protecting your account and data.
We always make sure it’s you.
Access to your Prisidio vault starts with the basics: a username and a strong password. In addition to your username and password, we also require all Prisidio members (even free invited users) to use multi-factor authentication (MFA) to access their vault.
What is multi-factor authentication?
Multi-factor authentication is an effective way to make sure you are who you say you are. It also provides an additional layer of protection to your account by requiring two or more factors of authentication. Using MFA can block over 99.9% of attacks that would compromise accounts.
What is biometric authentication?
For an extra measure of security and convenience, we support biometric authentication (face or fingerprint recognition) when using our mobile app on an iOS or Android device.
Your personal items and information are protected.
Your information is secure within Prisidio. We use Advanced Encryption Standard (AES) 256-bit encryption to protect your data in transit or at rest in your vault. AES 256-bit encryption provides the same high level of security adopted by financial institutions and government organizations.
We’re vigilant about ensuring your vault is completely secure.
- We require multi-factor authentication for all Prisidio users.
- We have partnered with an industry-leading authentication platform for identity and access management.
- Prisidio is built securely on the world’s leading cloud computing platform.
- All source code for our application is scanned for security vulnerabilities prior to a release.
- All files uploaded to Prisidio are scanned for malware; any infected files are blocked before being added to your vault.
- We utilize next-generation security detection tools and continually monitor for threats.
- We perform regular vulnerability scans throughout the business and across our products (web and mobile).
- We perform continuous internal penetration testing and conduct annual third-party penetration testing for compliance.
We meet or exceed strict security standards.
Prisidio partners with external organizations that regularly test and certify our infrastructure. This ensures our systems are compliant and certified on an ongoing basis.
- Security and infrastructure audits are conducted regularly.
- We work with America’s cyber defense agency, the Cybersecurity and Infrastructure Security Agency (CISA), to protect your vault and reduce the risk of any external threat.
- We perform continuous SOC 2 reporting to demonstrate our compliance with controls to ensure the security of customer data, the availability of our system, the accurate processing of data, and the confidentiality and privacy of our members.
- We have completed our SOC 2 plus HIPAA examination which demonstrates we meet the security commitments made to our customers as well as the security and breach notification requirements, applicable to Business Associates, set forth in the Health Information Portability and Accountability Act (HIPAA) in all material respects.
You decide who has access to your vault and information.
With Prisidio, you are in full control of the data in your vault and who can access it. As a vault owner you can:
- Decide who is allowed in your vault.
- Fully control exactly what items and information a person in your vault can access.
- Fully control exactly what actions a person in your vault can perform.
- Be notified in real-time when your vault has been accessed. Or view your Activity Log to see who logged in and what they’ve done.
- Instantly block a person who’s accessed your vault if they’re accessing it from a physical location not familiar to you, or if you simply forgot to remove their access.
Top privacy and security professionals are protecting your data.
Our security team, board, and advisors combine the expertise of top industry professionals who possess extensive knowledge in the fields of cybersecurity and privacy.
- Andrew Dean, CTO and CISO - Formerly with GCHQ, the UK government’s equivalent of the NSA, responsible for the protection of all government assets.
- Vanessa Pegueros, Board Member - Cybersecurity leader and former CISO at DocuSign and Director at Carbon Black.
- John Heasman, Advisor - CISO at Chegg, a public company. Prior to Chegg he was the Deputy Chief Information Officer at DocuSign.
- Larry Letow, Advisor - CEO of Cyber CX and Cyber Security Hall of Fame Chairman.
- Karthik Swarnam, Advisor - Chief Security and Trust Officer for ArmorCode and previously led security at AT&T, DirecTV, and Kroger.
Security is factored into everything we do.
At Prisidio, we’ve created a Culture of Security where all employees understand the importance and the role they play in protecting the data of our members.
- All Prisidio employees are screened through security and background checks before being hired.
- Multi-factor authentication is required for employees using internal systems and tools.
- We provide routine security training for our development team and conduct annual enterprise security training for every employee at Prisidio.
- Our team (employees, investors, Board, and advisors) collectively has significant experience in consumer data security and privacy. Learn more about our team.
- We promote responsible disclosure and encourage security researchers to report findings here.
Get the vital access and security life demands.
Be more prepared and organized for your expected and unexpected life events with Prisidio.