Security

We do everything we can to ensure your security when using our product.

Files

Your files are stored offline on solid-state block volumes in our New York data center. Files are continuously replicated across block volumes in the same location. When you access an original file on Thicket (using a URL like thicketapp.com/secure-file/12345/guitar.jpg, our system checks to make sure you have valid credentials for viewing the file. Then the server grabs the file from the offline part of the computer and displays it to you.

Messaging

The real-time functionality of the Talk pane is handled by Firebase (a Google-owned company), which uses the latest security technology and handles billions of requests per day. We use a unique server-generated auth token when you open our web application to confirm the authenticity of your browser. We keep a redundant copy of all chat messages on our servers. We also use Firebase's real-time technology to sync changes between browsers and process comments on files and posts.

Personal data

We take your personal data seriously. Your password is hashed using a unique system key and cannot be decoded. Your name, profile picture, and other personal details are stored in plaintext on our protected databases.

Connection

Your browser's connection to thicketapp.com is encrypted using secure HTTP (HTTPS) – just look for the green lock symbol! Connections to satellite domains, including app.thicket.work, thicket.link, and api.thicket.work are also encrypted. The encryption is a strong TLS 1.2 protocol, strong key exchange (ECDHE_RSA), and a strong cipher (AES_256_GCM).

Uptime

We do our best to ensure unmitigated access to the Thicket web application and its underlying systems. Visit our Status page to check the operational status Thicket and its dependencies.