Protecting Your Data Through Advanced Encryption

Effective Date: January 12, 2025
Version: v1.3

Splitifi uses robust encryption methodologies to protect user data throughout its lifecycle. This policy explains our technical protocols and commitment to data security.

1. Encryption In Transit

All data transmitted between users and our platform is encrypted using TLS (Transport Layer Security) 1.2 or higher. This applies to browser sessions, API requests, and file transfers.

2. Encryption At Rest

All stored user data, including uploaded documents, messages, financial records, and case files, is encrypted at rest using AES-256 (Advanced Encryption Standard with 256-bit keys).

3. Key Management

Splitifi follows industry best practices for key lifecycle management. Encryption keys are rotated regularly and stored in a secure, access-controlled Key Management Service (KMS). Key access is strictly limited to authorized infrastructure services.

4. Document and File Storage

All user-submitted files are individually encrypted upon upload, stored with unique identifiers, and protected using role-based access control. External access is prohibited.

5. Password Protection

User passwords are salted and hashed using the bcrypt algorithm. Splitifi never stores plain-text passwords and enforces strong credential requirements during registration.

6. Communication Channels

Messages sent through Splitifi’s internal communication tools are encrypted end-to-end where applicable and stored securely in compliance with all user rights policies.

7. Third-Party Audits

Our encryption practices are periodically audited and reviewed as part of our security and compliance procedures to ensure ongoing integrity.

8. Compliance Alignment

Splitifi’s encryption standards are designed to comply with SOC 2, HIPAA, and GDPR frameworks. These standards evolve to meet new regulatory requirements.

Questions about encryption protocols may be directed to security@splitifi.io.