The security page mentions the communications are 256 bit SSL however it is not clear if the encryption is complete end our end encryption and if the data that is stored on the server is itself encrypted using a private key.
Our security recommendations state we can use cloud services but the encryption should be end to end and the data stored on the cloud should be encrypted using a key unique to our company so if any data was accessed it would not be readable unless someone had the company decryption key.
Could the page on security be updated or more details be give here?
Having more details will definitely help with decisions about licensing the service for our chat solution. I am sure it will likely help other companies make a similar decision.
Hi @Edwin Smith,
HipChat uses TLS transport for web, XMPP and mobile notifications. The cloud product does not use a unique per-customer key for encrypting data at rest.
HipChat Server can be deployed in your own AWS account or servers and that may allow you to meet your security policy needs.
Can you clarify if the chat data stored on the server is always encrypted or not. I understand it is not encrypted by a unique key but it's not clear to me if just the logins are encrypted or if all HipChat chat data stored on the Cloud server is encrypted using a standard server wide key.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.