Security & Privacy

Best-in-Class Security, Backed by SOC 2 Compliance

Zero Knowledge Security Model

Passpack embodies the Zero Knowledge Security Model, providing the highest level of security and privacy. When setting up a Passpack account, each user will be asked to define a unique secure Packing (encryption) Key utilizing the AES-256-GCM advanced encryption standard. Decryption of passwords and credentials only occurs locally on the end-user's device, never in the cloud or on Passpack servers. No one has access to data stored in a Passpack vault except the account owner.

Encryption

Passpack employs military-grade AES 256-bit end-to-end encryption on all passwords, credentials, and stored metadata, including such items as Password Names, URLs, e-mails, and IP addresses, to protect information during transit and while at rest.

Proactive Threat Detection

Passpack's software is constantly monitored for malware and updated to provide our customers with the latest technology and data protection. Passpack partners with third-party experts and independent security researchers to perform regular penetration testing against emerging threats across all solutions and systems. Part of this mission is recognizing that bug reports from the worldwide community of security professionals and cyberthreat researchers are a valuable component to cyber defense. We use and contribute to these resources to ensure the security of Passpack's products and services.

Secure Password Sharing

When passwords are shared between Passpack users and teams, the sharing is done in a fully encrypted format utilizing the AES 256-bit encryption standard. The decryption of information only takes place on the end user's system (client-side).

Additional Security Considerations

Passpack infrastructure meets the highest standards of security, integrity, and stability, and we have the right control mechanisms to ensure it. In the highly improbable event of server security being breached, the data is encrypted and would be unusable without the associated end-user packing key that is knowledge-based, i.e., in the event your device is compromised, you remain secure. Passpack and Passpack employees do not have access to end-user account information or packing keys. In addition, Passpack supports and recommends industry-standard Multi-Factor Authentication with Google and Microsoft Authenticator and YubiKey for greater security.

Data Security & Privacy Compliance

Security & Privacy Practices

Passpack is SOC 2 Type 2 certified and only engages with those companies most regarded and independently verified for data security, confidentiality, integrity and regulatory compliance.

Security

Passpack is contracted with phoenixNAP, our trusted partner provisioning our cloud computing infrastructure and data management. We choose phoenixNAP because of their stringent security measures, which include:

  • SOC 2 Type 2 audits (SOC, or Service Organization Control, is an independent auditing process that ensures compliance with the highest security standards, protecting customers' interests and privacy).
  • Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS).
  • ISO 27001 certification.

Privacy

Passpack is committed to CCPA and GDPR and ensures that all of Passpack's sub-processors utilize an approved framework (e.g., EU-U.S. Data Privacy Framework program) to transfer customers' personal data from the EEA, UK, or Switzerland to the U.S. Also refer to our Privacy Policy.

HIPAA

Passpack is a zero-knowledge security platform that is HIPAA compliant. Strict adherence and controls covering privacy, confidentiality, integrity and availability are maintained. With this security architecture, Passpack cannot decrypt, view or access any information, including ePHI, stored in a user's Passpack Vault. For the foregoing reasons, Passpack is not a Business Associate as defined in the Health Insurance Portability and Accountability Act (HIPAA), and therefore, is not subject to a Business Associate Agreement.

Passpack only engages with those companies most regarded and independently verified for data security, confidentiality, integrity and regulatory compliance.
