Syncdocs Security and Privacy

Data Security

Are my files kept on Syncdocs servers?

No. None of your files are transferred, routed or stored on Syncdocs servers. Your files are uploaded and downloaded directly to and from Google over an encrypted link.

How is my data kept safe?

The encryption is the same as in your web browser connection to Google Drive. Your data is encrypted while in transit on the Internet, the same as if you were using a web-browser.

Syncdocs will only send data to and from Google using SSL (TLS). This is a way of encrypting data on the Internet, used by banks, eBay etc.

Typically, it is all encrypted using RC4 128 bit. The key exchange is done using an RSA 1024 or 2048 bit key, with SHA1 as message authentication. There is no non-https traffic from Syncdocs to Google Docs.
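To check what a given connection actually negotiated against the parameters listed above, the following added example (not Syncdocs code) parses an IANA-style cipher suite name, as shown by a packet capture tool, and reports its legacy components. The function names and sample inputs are constructed for illustration, and mapping the RC4 128 / RSA / SHA1 combination to the suite name TLS_RSA_WITH_RC4_128_SHA is an assumption.

```python
import re

# IANA-style name: TLS_<key exchange>_WITH_<cipher>_<hash>.
# TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) have no key-exchange part.
_SUITE = re.compile(
    r"^TLS_(?:(?P<kx>[A-Z0-9_]+?)_WITH_)?(?P<cipher>[A-Z0-9_]+)_(?P<hash>SHA\d*|MD5)$"
)


def parse_suite(name):
    """Split a cipher suite name into key exchange, cipher and hash."""
    m = _SUITE.match(name.strip().upper())
    if not m:
        raise ValueError(f"unrecognised cipher suite name: {name!r}")
    return m.groupdict()


def audit(name, rsa_bits=None):
    """Return a list of legacy findings for one negotiated connection."""
    suite = parse_suite(name)
    findings = []
    if suite["cipher"].startswith("RC4"):
        findings.append("RC4 stream cipher (prohibited in TLS by RFC 7465)")
    if suite["kx"] == "RSA":
        findings.append("static RSA key exchange (no forward secrecy)")
    if rsa_bits is not None and rsa_bits < 2048:
        findings.append(f"{rsa_bits}-bit RSA key (shorter than 2048 bits)")
    if suite["hash"] in ("SHA", "MD5"):
        label = "SHA-1" if suite["hash"] == "SHA" else "MD5"
        findings.append(f"HMAC-{label} record authentication (non-AEAD suite)")
    return findings


# Constructed observations: (suite name, server RSA key size in bits).
SAMPLES = [
    ("TLS_RSA_WITH_RC4_128_SHA", 1024),
    ("TLS_RSA_WITH_RC4_128_SHA", 2048),
    ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 2048),
    ("TLS_AES_128_GCM_SHA256", 2048),
]

if __name__ == "__main__":
    for suite_name, bits in SAMPLES:
        issues = audit(suite_name, bits) or ["no legacy components flagged"]
        print(f"{suite_name} (RSA {bits}):")
        for issue in issues:
            print(f"  - {issue}")
```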

Local database storage is AES256 encrypted.

You can choose to encrypt files and folders on Google Docs and Google Drive.

How does Google secure my files?

Here’s more information on Google’s data security and redundant servers.

Password Security

Password credentials

You do not need to enter your password into Syncdocs anymore, as Google now supports OAuth, where you can use its servers to authorise (and revoke) Syncdocs access to your account. See this post on how to set it up, or turn it on.

If you do enter a password into the Syncdocs app, note that we do not collect passwords; they stay on your PC. Passwords for Google are securely stored only on your local PC, or local network Microsoft Windows Domain Controller Server. Doc Freedom Syncdocs does not collect them. They are used only when connecting to Google cloud services. Syncdocs does not store your passwords on our servers, or anywhere on the Internet. When communicating your passwords to Google’s servers, TLS (SSL) encryption and authentication is used.

How are my credentials kept safe?

We don’t have access to your password. It is stored securely using the Windows secure credential manager vault on your own PC. Unless you are on some Windows domains, your password will never leave your PC.

If you are on a Windows domain, your domain administrator might also store all your desktop settings on the network domain controller, so you can move workstations. Your password is included in the workstation settings.

In other words, your password stays on your PC or local network; Syncdocs servers never see it. Syncdocs never sends your password to anyone except Google’s servers, and then only using the encryption detailed below:

How are my credentials communicated?

Your credentials are encrypted on the Internet, the same as if you were using a web-browser.

Syncdocs will only log into Google using SSL (TLS). This is a way of encrypting data on the Internet, used by banks, eBay etc.

I still don’t want to enter my password

That’s fine. Get an application-specific password as described in 2-Step Verification below, or use OAuth.

Do you support 2-Step Verification?

Yes, Syncdocs supports two-step authentication, for all accounts.

See this post for detailed setup instructions, or see the next point for brief instructions.

How do I get 2-Step Verification working with Syncdocs?

You need an “application-specific” password.

Here’s how to get it working:

1. You will need an “application-specific” password from Google.
Go here to get one:
http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056286

2. In Syncdocs Preferences, in the Account tab, in the password field, enter the password code Google gave you in step 1.

Do you support Single Sign On (SSO)?

Yes, Syncdocs also now supports the Google OAuth 2 protocol. This means that you can authenticate/de-authenticate Syncdocs using the standard Google permissions console.

Syncdocs will also now support single-sign-on (SSO) solutions like OneLogin and SSOEasy.

How do I revoke Syncdocs access?

Click on “Revoke” in the Google Account Console next to Syncdocs. See this post for detailed setup and revoke instructions.

How do I wipe Syncdocs info from the Windows password vault?

You can use the -wipevault command line switch to tell Syncdocs to clear all the credentials when it exits.

Program security

How are updates kept safe?

wyUpdate is the utility we use to keep Syncdocs up-to-date. It is a small program that checks the version of Syncdocs, and applies updates if needed. It only applies signed updates.

More information

The Syncdocs Privacy Policy gives more details, as do the terms.