There is an about section on the website that goes into a little detail about who we are and what we do to protect your data. However, in short. Passwords are stored under BCRYPT. Any retrievable sensitive data is stored under AES and can only be decrypted by you. All data is sent under SSL. We also make the assumption that all of our servers are compromised from the outset. We and things like re-provision them every 2 hours to ensure no attacker can keep persistence. The backend is completely compartmentalised spanning multiple networks and internal APIs. Our platform is built on top of and makes good use of AWS platforms and APIs. Oh and we run a bug bounty, payable in BTC of course.
Hugh
Perfect, thanks!