This standard is approved by the US government for encryption of top secret data. Each account has a unique key based on a cryptographically secure random number. Keys are stored in a secured database in binary form and access to the key database is strictly controlled.
Critical information like email accounts, usernames, passwords, and task information is all encrypted.
Access tokens can be invalidated and reissued in the event that an account is compromised.
Usually, hacking means someone gets user login information and access to user data. We invalidate the token (as mentioned in the second section above) for the affected account(s) and request users to re-login to their accounts. User security keys are also never transferred over wire to mobile clients.
If EasilyDo's database is compromised, we will invalidate compromised security keys and re-issue new keys to the affected accounts.
User data (email tokens, passwords, task data) are encrypted with the strongest algorithm. The keys database is isolated with strict access-controls. The data is encrypted at rest and decryption of data happens only when user requests the data.
EasilyDo takes security seriously. Critical data is encrypted at rest and in transit. In addition to strong algorithms, we also have strict access control policies. Access to the keys is limited to a handful of administrators and all access to the database is logged and monitored.