Privacy and security
We understand that the data you enter in SocieMe can be sensitive and extremely personal. SocieMe contains not only your contacts, but sensitive information about them. SocieMe staff will never access your personal information unless absolutely necessary (e.g. a support request or something breaks).
At SocieMe we take the privacy and security of your personal data serious. Both privacy and security have been considered from the beginning stages of development and are embedded in the design of SocieMe. We follow the principles of zero trust security, which means we check if you are allowed to access a resource at every level.
This page explains some of our decisions on privacy and security. It may get a bit technical at some points, but we try to keep it understandable. Keep in mind that you are responsible for your own account, so make sure to use a strong password or multi-factor authentication where possible.
External identity provider
We use Auth0 as an external identity provider. This means that they manage your login information, but not the data stored in the app itself. We chose for this option because login systems can be complex and security measures are expensive. By using an external provider we can use their expertise and large budgets to guarantee better account security than building it ourselves. Their core business model is offering this service to enterprise customers, and as a small fish we benefit from that.
Field level encryption
Some information is more sensitive by nature. Especially in open texts, where you can write whatever is relevant to you. If someone you know has a tough time personally or is diagnosed with a serious disease, you don't want that information to get leaked. This may hurt not only you and that person, but also your relationship.
To remedy this, SocieMe adds an extra layer of encryption on much of the data you add. Right now we add this extra layer to every description field, so for Contact, Note and Event descriptions. In the future we will add this extra layer of encryption to contact information, and Event and Reminder titles.
Check every request
Every request for data is double-checked. First we check if you have access to the data itself when you ask for it, and then we double-check if you're allowed to get that data. This is to ensure that nobody that's not you can get to your data.
Limited usage statistics
SocieMe needs usage statistics to see which features people use and how often. We are careful to implement them responsibly and only use this data in aggregate form. The image below shows one example (from our testing environment).
We collect a variety of data on the use of SocieMe, but not exactly what you do. We also do not collect personal data for these usage statistics, like IP addresses. In the future we want to gather further insights, but only when we've taken the time to design them in a privacy-friendly manner.
Sharing as little as possible
For some things it's unavoidable to share personal data with external parties. For example for logging in, where we can offer better security by letting the experts else handle it, and for sending email reminders. Whenever we share personal data with third parties, we ensure that there are contractual guarantees in place and that we disclose only the necessary personal data.