Security

Security Overview

Sequester protects files during transfer and encrypts uploaded files for server-side storage. The web and mobile apps use different client-side flows, but both are designed around authenticated access, limited exposure, and secure transport.

Web App

The web app uses account login and server-side session controls. Login events may record IP address, time, status, and device or client information so the service can support login history and security alert emails. Uploads and downloads are transmitted over SSL/TLS. After files are received by the server, Sequester encrypts them before storing them in the storage layer.

The web app is intended for account access, upload, download, folder management, and recovery workflows. Users should log out on shared devices and keep their account password private.

Mobile App

The mobile client remains logged in through token-authenticated API access. The app uses a PIN lock to protect local access to the signed-in client. If the wrong PIN is entered and intrusion detection is enabled, the app can report an event to the API and include captured evidence for review in the account.

Files on the mobile device remain subject to the device's normal local storage and operating-system protections before they are uploaded. Once transmitted to Sequester, files travel over SSL/TLS and are encrypted by the service for storage.

Encryption

Sequester uses established cryptographic primitives to encrypt uploaded file content before storage. The system separates stored encrypted file data from the account and metadata used to manage access. We do not publish operational details that would make the platform easier to attack.

Encryption is one part of the security model. Account passwords, active tokens, device access, server configuration, monitoring, backups, and legal recovery controls also matter.

Transport Security

API, upload, and download traffic should use HTTPS. Users should avoid uploading or downloading private files on untrusted networks or devices unless they trust the browser, device, and network environment.

Account Protection

Use a strong password, protect your email account, keep your mobile device locked, and review login or intrusion alerts when they appear. If an attempted PIN is shown in an intrusion alert and that number is meaningful or known elsewhere, review who may have access to it.

Responsible Reports

To report a security concern, contact support@sequester.app.