Meeco’s guiding design and development principles are Privacy by Design and Security by Design. This means all our products are architected to provide privacy and security by default.
Meeco’s technology is deployed by banks and financial institutions. As a result Meeco has successfully passed relevant bank security requirements and data management policies, including the General Data Protection Regulation (GDPR).
Our Privacy and Security architecture that ensures Meeco does not have access to the contents of your digital vault. This is further stated in Meeco’s Terms and Conditions.
Meeco never reads, mines or sells your personal data. Your data is only ever shared by you, explicitly on the terms set by you, with the connections approved by you.
All personal data at rest is encrypted with symmetric key encryption based upon AES-256-GCM. Additionally, all data is encrypted on a per user basis. If data is exchanged vault to vault a unique and encrypted shared space is generated. For each encryption space, each user has different symmetric keys.
Symmetric keys are stored into a key store and are encrypted with asymmetric key encryption based upon RSA-4096. The private key for this is derived from a passphrase created by the user and entered during vault creation.
In addition to the encryption, the vault and key store are secured through your unique personal log-in and/or device PIN Code.
For full transparency, Meeco makes this important documentation publicly available and has published additional information about the key encryption library, which is open sourced and available on github at https://github.com/Meeco/ for review and auditing. This is further supported by documentation at https://docs.meeco.me/