Our customers' security is our top priority; that's why we strive to have the latest technology to maintain their data protected. We regularly update our software and hardware for security and performance to avoid any threat.
Below you will find some Q&A on how we keep your data safe:
What type of communication do you use between the App, the lock, the cloud, and how safe it is?
We use Bluetooth Low Energy (BLE) to communicate between the lock and the U-tec App. Our Bluetooth standard is BLE 4 and has a wide number of benefits in terms of speed, low power consumption, encryption, and range. We also have created our own encryption protocol for the second layer of security. Regarding our U-Cloud server, it is built on Amazon Web Services (AWS), a subsidiary of Amazon that provides top on-demand cloud computing platforms. If you want to learn more technical specifications about the security within the U-tec App, U-Cloud, and your Ultraloq, please refer to the links below.
Where is that data stored and what measures are taken to secure it; specifically, is it encrypted, anonymized or user-specific, and is accessible to that data-limited and monitored?
Data is stored in the device’s inner flash and can not be readout. Fingerprint and all the information is stored on the device and is never sent to the cloud. All communications are encrypted using secure 128-bit AES via an embedded hardware coprocessor. The second layer of protection is the Dynamic Key, for this process we use ECDH (Elliptic Curve Diffie–Hellman Key Exchange).
Can the locks be hacked?
As we mentioned above, there are two layers of protection against intruders, the first one being an encrypted communication using Bank-level 128-bit AES Encryption, and the second one, a dynamic key, specifically ECDH Key Exchange. This key code is randomized for every single data transfer. Even if somebody were able to capture the AES encrypted data, the Dynamic Key protection would make it impossible for anyone to unlock or hack the lock.
What, if any, data is shared, sold, or accessible to third parties or affiliated parts of your organization, including via API and other integrations?
User Data will never be sold, U-tec does not share personal information with third parties, for the third parties’ direct marketing purposes unless the customers provide us with consent to do so, and No API is available for 3rd parties.
Are your customers able to opt-out of sharing some or all of their data--and if so, how?
Some features of our app use location-based data. If users allow these services, we will use information about the Wi-Fi routers and cell IDs of the closest towers from them. We use this information to facilitate the device’s features including Auto Unlock, Magic Shake and Knock to Open, etc, for customer support related to our Products. Customers may disable location services in their phone’s settings menu to stop sharing this data. This information will only be used internally and never shared with third parties.
If you have any other questions or an expert on the subject with suggestions, don't hesitate to write to us at firstname.lastname@example.org.