Choice, Security and Privacy

Published Dec 23, 2020

At Needl, we are committed to ensuring the privacy and security of our customer’s data. Our business model is aligned with our customers and we do not generate any revenue by selling your data to third parties, advertisers, etc.  Needl is the product, not YOU!

Our entire product is built on three principles (i) user control and choice, (ii) privacy, and (iii) security.

User Control and Choice
When you sync your applications with us, we give you complete control over what data gets synced onto the Needl platform. For example, in a chat application, we only sync data from groups and contacts that you wish us to sync. In a note-taking application, we only sync the notebooks that you wish us to sync. Similarly in other applications such as your cloud storage drives, we only sync the folders you wish us to sync and in email, we only sync from the senders or with filters you wish us to sync. Where possible we give you far more granular control of what data gets synced onto the Needl platform. For example with WhatsApp, if you do not wish to enable auto-sync, you can still forward messages from your chat application that you consider super important. Similarly for email, instead of auto-syncing your email data, you can forward specific emails to us, which we will index onto your personal cloud. User control and choice is a foundational design principle for us.

Next, we also give you the choice in terms of what data remains on Needl once it is in your personal cloud. You can choose to delete any data you want at any point in time.

Finally, we allow you to delink any app that you have synced with us, so your data no longer comes to Needl.

 

Security
We use Amazon’s Cognito service to store your Needl credentials. You have complete control over setting your password, Needl has no access to your Needl password stored on Amazon’s Cognito service.

Second, for any application that you sync with us, we use a standard called OAuth 2.0, which means we do not store your user name and password for any of these applications. We only have access tokens authorized by you which is stored securely in encrypted form. You can authorize and de-authorize these access tokens for Needl to sync data with any application at any point in time.

We ensure that all your data flowing to us is secure and is safe from attacks. First, any data in transit from your applications to us is encrypted using the TLS 2.0 standard and is secure from man-in-the-middle attacks. Second, once your data is inside our cloud environment, we encrypt it using Amazon’s built-in server-side encryption features. Further, all access to your data is within a virtual private cloud, access to which is strongly gated, and we have enabled all amazon specific best practices to keep your data secure and ward off malicious attacks.

Privacy
We are implementing ISO 27001 and SOC 2 compliant Information Security and Management practices so that your data is stored privately on the cloud. To ensure this, we have done the following:
(i) all user data is encrypted using Amazon’s server-side encryption.
(ii) Access to our production environment is strictly limited and requires the employee’s SSH keys and multi-factor authentication. All such access is logged.
(iii) If data access is required, it is within a gated “data room”, with read-only access and employees do not have the ability to pull out data from the data room.

Read more from Needl