Security - SBVault

🛡️ Encryption Model

Encryption at Rest

All files stored in SBVault are encrypted using industry-standard AES-256 encryption:

• Algorithm: AES-256-CBC
• Key Management: Server-side managed encryption keys
• Storage: Encrypted files stored on secure DigitalOcean infrastructure

Important Disclosure: SBVault currently uses server-side encryption, not zero-knowledge encryption. This means:

SkillBreed engineers can technically access your files if required
We can reset your password and restore access to your account
Files are encrypted on our servers, but we hold the encryption keys

Encryption in Transit

All data transmitted between your device and our servers is protected:

TLS 1.3: Latest transport layer security protocol
SSL Certificates: Valid certificates from Let's Encrypt
HTTPS Everywhere: All connections forced to HTTPS

🏢 Infrastructure & Hosting

Server Location

Your files are stored on our infrastructure:

Provider: DigitalOcean LLC
Location: United States data centers
Jurisdiction: Subject to U.S. data protection laws
Compliance: SOC 2 Type II, ISO 27001 (in progress)

Network Security

Firewall protection (UFW configured)
Intrusion detection (Fail2ban active)
DDoS mitigation
Regular security patching

🔑 Authentication & Access Control

User Authentication

Password Hashing: bcrypt with salt (14 rounds)
Session Management: JWT tokens with 7-day expiration
Inactivity Timeout: 10-minute automatic logout
2FA: Two-factor authentication available (optional)

File Sharing

Share Links: Cryptographically secure random tokens
Password Protection: Optional password for shared links
Expiration: Links can be set to expire
Revocation: Links can be revoked anytime

🦠 Malware Scanning

Every file uploaded to SBVault is automatically scanned for malware:

      VirusTotal Integration: Each upload is scanned by 70+ antivirus engines before being accepted into your vault. Infected files are automatically rejected.
    

💾 Backup & Disaster Recovery

Automated Backups

Frequency: Daily automated backups
Retention: 30-day backup retention
Redundancy: Backups stored in separate geographic location
Encryption: Backups are also encrypted at rest

Recovery SLA

Data Recovery: Up to 24-hour recovery window
Uptime Target: 99.9% monthly uptime
Incident Response: 1-hour response time for critical issues

🔍 Security Monitoring

System Monitoring: Netdata real-time infrastructure monitoring
Log Aggregation: Centralized logging with Logwatch
Intrusion Detection: AIDE file integrity monitoring
Vulnerability Scanning: Regular scans with rkhunter
Access Logs: All file access logged with IP and timestamp

👥 Access to Your Data

Who Can Access Your Files?

Honest Disclosure:

You: Full access through your account
SkillBreed Engineers: Technical access for maintenance/support (encrypted but keys are server-side)
Law Enforcement: We may be required to provide access under valid legal process (subpoena, warrant)
Third Parties: No access - we never sell or share your data

What We DON'T Do

❌ We never sell your data
❌ We never scan files for advertising purposes
❌ We never share data with third parties (except as legally required)
❌ We never use your files for AI training

🚨 Incident Response

In the event of a security breach:

Detection: Automated alerts + manual monitoring
Containment: Immediate isolation of affected systems
Investigation: Forensic analysis to determine scope
Notification: Affected users notified within 72 hours
Remediation: Security patches and improvements deployed

📊 Third-Party Audits

      Current Status: SBVault is working toward SOC 2 Type II certification. We have not yet undergone a third-party security audit.
    

Planned Compliance:

SOC 2 Type II (Target: Q3 2026)
ISO 27001 (Target: Q4 2026)
GDPR Compliance (Active)
CCPA Compliance (Active)

📞 Contact Security Team

Found a security vulnerability? Please report it responsibly:

Security Email: security@skillbreed.com
Response Time: Within 24 hours
Disclosure: Coordinated disclosure after fix is deployed

Last Updated: January 28, 2026

🔒 Security Architecture