Data Encryption In Transit and At Rest
All the Whisbi services use by default SSL certificates with the SHA-256 algorithm to protect all the traffic and all the data exchanges. It ensures that the data in transit gets encoded and unintelligible before traveling through the public networks, as recommended by the General Data Protection Regulation.
Once the data arrives at the Whisbi systems, all the sensitive data is encrypted as well. We use the Advanced Encryption Standard AES-256 to protect the data at rest, which is the most secure algorithm at the present moment. In particular, the data that we keep encoded using this method are the name, the surname, the email, the chat messages, the phone numbers, the IPs and the NPS related to the satisfaction surveys.
We monitor the changing cryptographic landscape closely and we work promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered. We also implement the best practices as they evolve, paying special attention to maintain the compatibility for older clients.