Encryption in Social

When is Encryption Used?

Encryption in Social is applied in two major scenarios:

1. Encryption in Transit

• Refers to data being encrypted while it is moving from one point to another (for example, from your browser to a web server, or through third-party integrations).
• Protects against man-in-the-middle (MITM) attacks, ensuring data cannot be intercepted and read during transmission.
• Learn more about Encryption in Transit.

2. Encryption at Rest (EAR)

• Refers to data that is encrypted while it is stored (for example, on disks, databases, or other storage systems).
• Provides strong protection in case of server compromise or unauthorized access.
• Works best when combined with Encryption in Transit for end-to-end security.
• Learn more about Encryption at Rest.

How Does Encryption Work in Social?

• Algorithm Used: AES-256 (Advanced Encryption Standard with 256-bit keys), a widely trusted symmetric encryption method that uses 128-bit blocks.
• Key Management:
  • Data Encryption Key (DEK): Used to convert plain text into cipher text.
  • Key Encryption Key (KEK): Used to encrypt the DEK itself, adding an extra layer of protection.
  • All keys are generated and managed by our in-house Key Management Service (KMS).
• Learn more about our KMS.

What Data Do We Encrypt in Social?

We encrypt all sensitive data such as:

• Authentication tokens (AuthTokens)
• Fields containing personal information

These are encrypted at the application layer for maximum security.

Full-Disk Encryption

In addition to application-level encryption, we also provide full-disk encryption in select data centers:

• India (IN)
• Australia (AU)
• Japan (JP)