You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
Join us for a live webinar on how to get the most out of using Shift! Tuesdays at 9:30 AM (PT) and Thursdays at 1:30 PM (PT)
announcement close button
Home > Privacy & Security 🔐 > Security in Shift
Security in Shift
print icon

Your security and privacy are our top priority here at Shift. Not only is Shift a great tool, but it is completely safe and secure to use.

 

Your data is as secure as your computer

First and foremost, nearly all data that the Shift desktop application uses is kept local to your computer. This includes the data that keeps you logged into your accounts within Shift. We highly recommend using a complex password to lock your computer. Read more about our suggestions here.

 

Login security

Shift integrates app and extension login security. That means when you log into your apps and extensions in Shift, you are using those app and extension security mechanisms to authenticate. Shift also uses the standard OAuth authorization protocol. We have been approved by Google to use the OAuth process, which is understood to have no known vulnerabilities. OAuth authorizes Shift (locally) to access your emails and download to your local computer. An identity token is stored against your Shift account in the cloud, but the token required to access your emails is always local. Shift can handle your mail privately and locally without any risk that anyone, anywhere – other than you – can gain access to your information, data, or emails. Read more about the OAuth process here.

 

How your data is kept safe

Any data that is collected and stored on Shift's servers (as outlined in our Privacy policy here) is transported to the server under SSL/HTTPS standards (also with no known vulnerabilities). The data that is collected is not shared and steps have been taken to restrict access to this data as much as possible. The small amount of information we send from the client to our servers is hosted using AWS (Amazon Web Services) Cloud Servers in the western United States. We don't have access to anything in your accounts on our servers nor could we access those accounts.

 

When you use the Password Management feature in Shift, your password data is always encrypted locally first before being sent to Shift's servers, where it is then encrypted a second time. Industry-standard encryption methods, AES and Argon2 are used in this process. Read more about Password Management security here.

 

Shift employees cannot view any email content, passwords, calendar information, app and extension information, etc. The limited access our team does have is only given so they can assist you. When a Shift employee leaves, their access is revoked immediately upon their departure and they no longer have access to any internal systems.

 

As part of regular development and maintenance, we perform regular audits and implement actions to continuously improve security.

 


 What's next?

Read more about Privacy and Security in Shift here.

 

Need help?

Get in touch with our support team here.

Feedback
29 out of 35 found this helpful

scroll to top icon