Meeco’s guiding design and development principles are Privacy by Design and Security by Design. This means all our products are architected to provide privacy and security by default.
Meeco’s technology is deployed by banks and financial institutions. As a result Meeco has successfully passed relevant bank security requirements and data management policies, including the General Data Protection Regulation (GDPR).
Our Privacy and Security architecture that ensures Meeco does not have access to the contents of your digital vault. This is further stated in Meeco’s Terms and Conditions.
Meeco never reads, mines or sells your personal data. Your data is only ever shared by you, explicitly on the terms set by you, with the connections approved by you.
All personal data at rest is encrypted with symmetric key encryption based upon AES-256-GCM. Additionally, all data is encrypted on a per user basis. If data is exchanged vault to vault a unique and encrypted shared space is generated. For each encryption space, each user has different symmetric keys.
Symmetric keys are stored into a key store and are encrypted with asymmetric key encryption based upon RSA-4096. The private key for this is derived from a passphrase created by the user and entered during vault creation.
In addition to the encryption, the vault and key store are secured through your unique personal log-in and/or device PIN Code.
For full transparency, Meeco makes this important documentation publicly available and has published additional information about the key encryption library, which is open sourced and available on github at https://github.com/Meeco for review and auditing. This is further supported by documentation at https://docs.meeco.me.
ISO 27001:2013 provides the framework for a best practice Information Security Management System (ISMS). The importance of this to any organisation is that it provides an independent assessment of the organisation’s security practices, and ensures that their policies, procedures and KPIs are appropriate to deliver high levels of security in all aspects of operations and management.View certificate
The MyData Operator 2020 Award recognises operators of human-centric infrastructure for personal data management and sharing. It acknowledges organisations that place the individual at the centre of personal data about them, ensuring that they are the prime beneficiary of the use of this data and providing tools to help them manage personal data.View certificate