Every decision starts with security. No compromises, ever.
From concept to development, Lifedocs has been designed around the best security practices in the market to keep your data safe at all times.
1.
Authenticating users
Password
All accounts require passwords to access and view your data.
We encourage using strong passwords by increasing the number of characters and numbers and symbols to enhance security. A more complex and lengthier password makes it more difficult for bots and attackers to crack.
Identity verification
Emails need to be verified before any further information is added. Two-factor authentication is added as an extra layer of validation to ensure that you are who you say you are.
From the very start of your Lifedocs journey, any information and documentation stored in your account are entirely yours. Only you and those with whom you choose to collaborate have access to that information.
Notifications
Each login attempt on your account is recorded and an email is sent to your account detailing the location and type of machine that has accessed your account.
Should you get a notification with a login attempt that is not you, you can immediately lock your account by following a 1 click link.
Two-factor Authentication
Lifedocs has two-factor authentication as an option to verify your identity and allow you to log in and change account details. Our platform supports Authenticator apps such as Google Authenticator and Authy.
Research suggests that an account is 99.9% less likely to be breached if you use two-factor authentication. By enabling two-factor authentication, you ensure that you are the only one who can access your account, even if someone else knows your password.
Biometrics
Lifedocs uses biometric (Facial or fingerprint) authentication on our iOS and Android mobile apps. This provides a seamless login experience without the expense of security.
Biometrics offers strong protection against security breaches since it can only be provided by you as a living person at the time of login.
2.
Data protection
Encryption
Lifedocs encrypts all customers' sensitive data to prevent unauthorized use of that data, ensuring that your data stays secure. Encryption is done both at the server-side as well as when sending/receiving information from the vault.
We make use of Advanced Encryption Standard (AES) 256-bit encryption. We also use multiple techniques to make sure only you have access to your information.
Backups
A snapshot of all the data and files will be backed up:
- Every hour - 5 hours' worth of data
- Every day - 5 days' worth of data
- Every week - 4 weeks' worth of data
- Every month - 2 months' worth of data
Logging
The lifedocs platform creates audit logs of the events created by each user within the member account. This allows you to see changes that have occurred within your account.
Having this record of events in your account provides transparency around all account activity.
Intrusion detection systems (IDS)
An Intrusion Detection System (IDS) is a monitoring system that detects suspicious activities and generates alerts and triggers specific actions when they are detected.
Actions may include:
- Locking of all systems
- Changing of encryption and decryption keys
- Re-encrypting data
Policies and procedures
We have developed internal policies and procedures to cover:
- Digital access controls
- Content security
- Responding to threats
- Testing and auditing
- System updates
- Developing in secure sandbox environments
- 3rd Party management
- Disaster recovery
- Business continuity
3.
Security partners
At Lifedocs, we work with several security providers and advisors to improve our core architecture. We only source services from industry experts and leading companies with global footprints in the cyber security space.
4.
Questions & queries
If you have any questions or concerns, please get in touch with us at: support@lifedocs.co.za
If you're a bug bounty hunter or security researcher and you believe you've uncovered a security issue in our platform, please email us at support@lifedocs.co.za with your details so we can collaborate on resolving any issues identified
Security FAQs
Will Lifedocs ever sell my data?
Never, Lifedocs will not sell your information. Customers pay for a secure document management and storage service, we, therefore, do not need to derive revenue from customer data.
Where is my data stored?
Your Lifedocs data is encrypted and stored with Google Cloud Storage services. Google, being a household name in the tech space. We trust their security, speed, and reliability. They are meticulous in their pursuit of innovation and excellence. Boasting a wealth of tech industry expertise that is near impossible to compete with.
What happens to my data if I unsubscribe?
Should you choose to cancel your Lifedocs subscription, you can download your account data and store it on your local machine. You will have the option of transferring the main account holder to any existing family collaborators.
As the main account holder, should you choose to delete your account, the information stored for all family members will be deleted and removed from the Lifedocs database. This process cannot be undone and is irreversible. You can delete your account through your account settings in the Lifedocs application.
What happens to my data if my payment lapses?
If your subscription payment lapses for whatever reason, Lifedocs won't delete your data. We will first confirm that you would like to cancel your account. Please note that to access your information again, you'll need to resubscribe.
Email support@lifedocs.co.za if you have trouble resubscribing.
If I delete my data, is it deleted?
Yes, your data will be removed from our main database within 72 hours. Any third-party services will be notified and connections will be removed. Our backups will be scrubbed of your data at the next backup cycle
Can Lifedocs access my account in an emergency?
No, but we will be able to assist in notifying you and getting any emergency contacts that you have listed on your account to gain access.Should an emergency contact request access to your account, we will verify them first and notify you via your communication preferences as set in your profile (SMS, email, in App).
We may also require documentation such as a death certificate and/or a letter of authority from an attorney.
Can Lifedocs staff access my data?
It depends:
No:
Since files and information are encrypted, only you, the account owner (and those contacts to whom you have given access) can decrypt those files. Additionally, staff and team members at Lifedocs are severely limited with access to any data on servers. Any maintenance that is required on the database from time to time is verified, approved by a director, and logged.
Yes:
Our vault is designed to assist customers with keeping their data valid and current. For this, we have enabled customers to set expiry dates and action points on various types of information and/or documents. Our AI system uses this type of information to create value for our customers in the form of reminders and action points. This personalised assistance is what makes our platform valuable to our customers. With this, we still cannot decrypt the information contained within the vault, so the data remains secure
Where can I report security issues?
We understand the value of privacy and the security of our customer's data. If you suspect a security incident, report it as soon as possible so we can begin to investigate and mitigate any issues that may be identified.
You can report security incidents here: support@lifedocs.co.za.