by Samuel Rutka, on October 30, 2019
Welcome back to Crew Tips, a bi-weekly series that gives you best practices and simple steps for making the most out of your Crew app, on both Android and iOS. In our last installment of Crew Tips, we answered the question of how the Crew app uses the location information on your phone.
This week, we’re answering a question that we take very seriously: how secure is the Crew app?
The security of our customers’ data is of paramount importance to all of us at Crew. We know you expect your private messages to be private, and we focus a huge amount of our engineering resources on ensuring that they are. 
But you don’t have to just take our word for it—here’s exactly how we do it.
- All communications between employees’ devices and the Crew servers are encrypted in transit using TLS, so they can’t be read or modified in transit.
- All user data—including messages, photos, videos, etc.—that lives on Crew servers is also encrypted at rest, and the encryption keys used are stored separately, on dedicated encryption servers.
- All employee credentials stored on devices are encrypted using keychain, or similar, software, which protects those credentials from retrieval by a third party.
- Organizational data stored on individual employee devices can be remotely wiped by an admin at any time, simply by removing that individual from the Organization.
When matched with an organizational policy that enforces employees’ use of passwords on their phones, enterprises can rest assured that they are as protected as possible from unauthorized access to company data.
Do you have other questions on this topic? What else would you like to learn about? Don’t hesitate to reach out on Twitter using #CrewTips, or on Crew Support!
