Security

We take security seriously!

In today’s world, you can’t be too safe with your personal information. That’s why DirectorySpot uses a number of security measures to make sure no one except authorized users get access to your information.

All contact and user information is stored in a database on a remote server which is secured behind a firewall. DirectorySpot does not contain any personal information when initially downloaded from either app store. In order to access the directory data, a valid user must authenticate within the app which makes secure SSL calls against the remote server to perform the authentication. Once a successful authentication has been achieved, the app will then download an encrypted version of the directory to the device which is cached for offline viewing and speed. By not allowing the database to download prior to a successful authentication we ensure that only a device belonging to an authorized user will ever have access to the directory. This means that even a mobile phone which has been "jail broken" or hacked using some other method will not be able to gain access to the school directory simply by downloading the app from one of the mobile app stores.

All traffic between the mobile phone and the remote server is encrypted and secured using SSL. All user passwords are hashed and thus cannot be reverse engineered even by our administration team. We can allow people to change their passwords but we cannot retrieve their passwords as even we are not able to determine what their password is. This provides added security to users in the event that they choose to re-use a password for our app that they also use for other services they access.

User access is controlled through a web interface on our remote server. This allows a user's access to be added or revoked in real time. The mobile app regularly checks in with the remote server and will deny a user access if it has been revoked on the central server.