Security and Privacy
We take security seriously. Therefore we have added the following features:
- Data transfers between the desktop clients and the server are encrypted using latest AES/RSA encryption standards.
- Data transfers between the mobile apps or a browser and the server are encrypted using SSL (a certificate must be installed on the server side).
- FAUbox creates a worldwide unique ID and private RSA key. With this key, your chosen password and if applicable the Shibboleth token, a time-limited authentication token can be generated which is required for the connection with the server. Only this token will be saved. The FAUbox does not know any password. This way, no client can access a server that does not fulfill the mentioned criteria. If necessary, all local clients can be blocked individually by the user himself.
- The server systems of the FAUbox are all located in a secured network behind the Loadbalancer, which also serves as a firewall.
- The FAUbox software is audited annually by external pentests. Weaknesses are corrected in a timely manner.
- SSL support for mobiles apps, web and WebDAV
- The build in at-rest encryption uses cryptomator technology
- Central user management
- Multi tenant system to keep organisations separated on the same system
- Built-in granular permission system
- Password protected/centrally controlled access to preferences in the client
- Password Protection on file links
- Expire Dates on file links
- Maximum number of downloads for file links
- Admin-controlled remote deletion (Remote Wipe commando)
- Build in file versioning for overwritten and deleted files
- Protection against loss of data by human error
- Protection against Cross-Site-Scripting (XSS) attacks
- Protection against “man in the middle” attacks
- Optional cloud-malware-protect (integration of Antivirus solutions directly with the server)
- Online document editing service hosted on your own infrastructure
The solution is under continuous security review internally and by partners. The Dal33t GmbH is dedicated member of the TeleTrusT Initiative “IT Security made in Germany” (ITSMIG). If you have questions regarding the security in detail or need help with the setup please let us know.
FAUbox does not give any data to third persons. We are using the data we collect from you only internally. The data which you provide to us while using FAUbox or the FAUbox homepage is:
Your e-mail address
We need your e-mail address to send you system notifications (e.g. online storage warnings & offline registration keys), but we will never give away your email address to external persons or companies and we will not send you any third party advertisements.
FAUbox is encrypting its traffic, so NO third person is able to read your data transfers. But if you are using relayed connections or NAT traversal connections our server will know who you are connected with.
In case you would like to avoid this: Go to preferences/network and disable relayed connections and NAT traversal connections. Please note: if you disable this, you have to make sure that your router and firewall are open for FAUbox (port 1337 by default). Also, it is only possible to use FAUbox in a VPN & LAN-only mode. In both ways, our servers will not take part in the connection between your clients.
All major browsers allow you to disable cookies if you do not want to disclose this data to us. Please check the homepage of the publisher of your browser to find out how.
…that you should be able to trust the company that allows you to take care of your data. And therefore we will do our utmost to ensure that you can be safe and feel comfortable with FAUbox. If you have questions, do not hesitate to contact our FAUbox-Support-Team. We will be glad to help you.