Encryption and data security
When you store data in Jottacloud, you can be sure that it is securely stored. Robust encryption during transfer and storage is just one of the measures we take to secure your data.
Where other providers lease servers and outsource security, Jottacloud has invested in its own server infrastructure from day one. We have always managed our own servers, routers, and load balancers, and we will continue to do so.
The result is full control over security and data at every level. We know that data uploaded to us remains in Jottacloud, and that valuable data will not get lost.
Encryption during transfer
Jottacloud uses HTTPS and TLS 1.3 to protect the actual transfer of data over the internet and to your cloud. HTTPS is a standard protocol that encrypts data sent between a user's browser and the website where the data is uploaded.
TLS stands for Transport Layer Security, and Jottacloud has implemented TLS 1.3. This is a standard that secures communication over the internet, using strong cryptographic methods and key exchange mechanisms. These are mechanisms that protect against attacks, such as eavesdropping on data, leaks, and cyberattacks
Encryption on Jottacloud’s servers
The data stored on Jottacloud's servers is encrypted "at rest": It is encrypted when stored, and it is only through Jottacloud's servers that access to the data can be obtained.
In addition, an AES-256-bit key is used. This is among the most secure keys available, and it is theoretically impossible to break with today's technology; neither mathematically nor through physical attempts.
Data stored in Norway is protected by strict privacy laws
Sensitive personal data is treated differently from country to country. The United States has weaker privacy protections than Norway, and Europe. For example, there are restrictions on privacy through legislation that prevents the use of the most secure encryption algorithms, justified by data export control and national security.
The CLOUD Act (Clarifying Lawful Overseas Use of Data Act) of 2018 allows U.S. authorities to access data stored in cloud solutions provided by American companies. When a U.S. cloud service is required to release data, it doesn't matter where in the world the server is located, as long as the company itself is American.
Since Jottacloud is a Norwegian company, and a service with offices and servers in Norway, this does not apply to data stored here. Your data will not be disclosed to unauthorized parties.