We do everything we can to ensure your security when using our product.
Your files are stored offline on solid-state block volumes in our New York data center. Files are continuously replicated across block volumes in the same location. When you access an original file on Thicket (using a URL like
thicketapp.com/secure-file/12345/guitar.jpg, our system checks to make sure you have valid credentials for viewing the file. Then the server grabs the file from the offline part of the computer and displays it to you.
The real-time functionality of the Talk pane is handled by Firebase (a Google-owned company), which uses the latest security technology and handles billions of requests per day. We use a unique server-generated auth token when you open our web application to confirm the authenticity of your browser. We keep a redundant copy of all chat messages on our servers. We also use Firebase's real-time technology to sync changes between browsers and process comments on files and posts.
We take your personal data seriously. Your password is hashed using a unique system key and cannot be decoded. Your name, profile picture, and other personal details are stored in plaintext on our protected databases.
Your browser's connection to
thicketapp.com is encrypted using secure HTTP (HTTPS) – just look for the green lock symbol! Connections to satellite domains, including
api.thicket.work are also encrypted. The encryption is a strong TLS 1.2 protocol, strong key exchange (ECDHE_RSA), and a strong cipher (AES_256_GCM).
We do our best to ensure unmitigated access to the Thicket web application and its underlying systems. Visit our Status page to check the operational status Thicket and its dependencies.