How Pine Keeps Your Data Safe: Zero-Knowledge and Beyond
At Pine, we ensure that your data remains private and secure while using our app. From storage to transmission, Pine employs advanced security techniques to protect your sensitive information, allowing you to use the app with peace of mind.
Zero-Knowledge Encryption: What It Is and How We Use It
Imagine you store your valuables in an unbreakable vault, and only you have the unique code to open it. No one else—not even Pine—can access what's inside. This is how zero-knowledge encryption works. While Pine can store and sync your data, we don't hold the "key" to unlock it—only you do.
Zero-knowledge encryption means that Pine never has access to the encryption keys required to decrypt your data. All encryption and decryption happen locally on your device. This ensures that, even if Pine's servers were compromised, any data stored on them would be completely unreadable without your decryption key.
How Pine Implements Zero-Knowledge
In Pine, all sensitive data—whether it's chat logs, call information, or internal app states—remains encrypted from the moment it's created on your device. Using AES-256 encryption for data and PBKDF2-HMAC-SHA256 for key derivation, Pine ensures that your data is safe whether it's stored or transmitted. Only the minimum necessary data is decrypted for specific tasks, and once the task is complete, the decrypted data is promptly destroyed.
Secure Data Transmission: Protecting Your Data in Transit
Pine ensures that data is not only secure while stored but also while being transmitted. All communication between your device and our servers is protected using TLS 1.3, the latest standard for secure internet communication. This ensures that even when your data is transmitted across the web, it remains safe from interception by unauthorized parties.
Desensitized Storage: How Pine Safeguards Your Data
While performing specific tasks, Pine ensures that only the necessary data is decrypted for a short time. During this process, any data that must be temporarily retained for auditing—such as logs or call recordings—is desensitized. This means that all sensitive details are anonymized or masked before being stored. For example, personal information in call recordings is bleeped out, so that no sensitive data is kept in a readable form. Additionally, access to these logs and recordings is strictly controlled, ensuring that only authorized personnel can view or listen to them.