by Gipetto 2109 days ago
So, does this mean that users hand over permissions to a 3rd party to index internal company systems? So you could read a Confluence instance, or some other kind of wiki, and be a vector for data/security leaks?

Seems like there should be a "talk to your security team" disclaimer... people get fired for granting access like that.


We don't take security lightly, but we don't do a good job articulating how we safeguard things in the product. We'll fix this - thanks for pushing on it.

There are details throughout this post, but I will summarize our high-level approach.

* When we request permissions, we request a minimal set. For example, you can connect Drive with just meta-data access and our access will be scoped accordingly.

* Everything is encrypted. Importantly, it's also encrypted in the data store itself. If our DB was compromised, the entries would not be readable (ECIES, Secp256k1, AES256+CTR). Only exception is the reverse index.

* The operations that involve encryption / decryption of encrypted content live in an isolated layer.

* Token storage follows a similar methodology.

* We get a pentest and security reviews quarterly.

* We also have strict company policies around IT and infrastructure access.

That said, we aren't ever at a terminal point in our security story.

Our experience has been that security-conscious companies simply turn off the ability to connect third-party applications.

How do you guys afford quarterly pen-tests as a startup?

We are lucky to be a funded company with 5 people and a couple of years of runway.

A pen test costs half the monthly salary of an engineer, so it’s an easy investment to rationalize on a quarterly basis.