Communication and storage

All communication between your application and iWelcome, as well as the communication between users' devices and iWelcome uses and enforces TLS.

On top of TLS, communication between your user's devices and iWelcome servers is fully encrypted with AES-256, and uses RSA-2048 for the key exchange mechanism at pairing time.

The iWelcome app installed on all users' devices will periodically change its authorisation keys and invalidate all previous used keys, to minimize key sniffing.

All data stored on the iWelcome mobile app and on any custom mobile apps is always stored in an encrypted state (using AES-256), while the encryption key is dynamically constructed on application startup, based on a derivative state of the user's PIN number.

Chunks of users' personal encryption keys are stored in an encrypted state. Not even iWelcome has access to the raw text of the key.

Back-end hosting

iWelcome uses a combination of cloud hosting providers, including Amazon Web Services, Google Cloud Platform and Bahnhof.

Our partners are ISO 27001 certified and highlight security concerns.

Communication between all our micro-services and storage solutions use TLS. Access to compute resources is restricted to authorised personnel only.