Encryption is used extensively to ensure the confidentiality of MySudo user data.  The general encryption approach is to ensure that data is encrypted so that it can only be decrypted by you:

Key Generation

1. When the app is installed and launched for the first time, MySudo generates public/private key pairs on your device.

 
2. The private keys are stored in the mobile device’s specific secure key storage, e.g. iOS keychain. You may optionally backup your encryption keys to your Apple iCloud account, or to a laptop using Apple iTunes (MySudo for iOS) as part of an encrypted backup. The private keys are never stored in the Sudo Platform.

3. The public keys are uploaded to the Sudo Platform.

Data Encryption
1. SudoOut content, e.g. an SMS or email, is received by the Sudo Platform and encrypted before being stored in the Sudo Platform and delivered to your device.

2. An AES-256 data encryption key (DEK) is generated in the Sudo Platform.

3. The DEK is then encrypted with your public key, so that it can only be decrypted by the receiving MySudo user.

Data Decryption

1. On your device, you receive the encrypted DEK and decrypts the DEK using your private key.

2. The encrypted message content is then decrypted using the DEK.

3. The decrypted message content is then visible to you.

MySudo settings
1. MySudo app settings (Sudo profile information and contacts) are encrypted on your device using AES-256 symmetric key encryption.

2. The encrypted settings are stored in the Sudo Platform. This allows for synchronization across a user’s multiple devices.

3. The encryption key is never stored in the Sudo Platform.