Encryption
What's encrypted, how, and where the keys live.
At rest
- Database — AES-256 at the storage layer.
- Backups — AES-256, retained on a rolling schedule.
- File store — AES-256 server-side encryption.
- Logs — at-rest encryption with restricted access.
In transit
All public-facing traffic is served over HTTPS using TLS 1.2 or higher; TLS 1.3 is negotiated wherever the client supports it. HSTS is enabled with a one-year max-age. Internal service-to-service calls run inside private network boundaries with mutual TLS where applicable.
File uploads
Uploaded files (assignments, project attachments) are encrypted in transit (TLS) and at rest (AES-256). File downloads use signed URLs with short expirations so a leaked link can't be used after the window closes.
Key management
Encryption keys are managed by industry-standard key-management services with hardware-backed key storage. Keys are rotated on a regular schedule and access is limited to a small number of senior engineers, with every access logged.
