We take security and privacy seriously
Verified software chain
At-rest data encryption
Seam has never received a secret government request to hand over user information.
Seam has never installed law enforcement software or equipment in our stack or network.
Seam has never turned over our SSL keys or our customers' SSL keys to anyone.
Seam has never provided any law enforcement organization a feed of our customers' data.
Seam has never terminated a customer because of political pressure.
Seam has never weakened, compromised, or subverted any encryption at the request of law enforcement or a third party.
Seam has never modified customer data at the request of law enforcement or a third party.
All Seam hubs are flashed with our own machines. We do not provide the image directly to a third-party.
Our operating system verifies itself at boot time to ensure that it has not be tampered with.
We store hub credentials in the device’s secure enclave to prevent introspection.
The hub generates its own key pair. The private key never leaves the device. The public key is provided to our servers for verifying signatures.
All over-the-air updates are signed. The signature is checked when it is received by the device. We use The Update Framework to provide additional guarantees, such as preventing update replay attacks.
(coming soon) -- We sign the hub filesystem to prevent offline tampering of software while your hub is off.
We do not require opening new ports or allowing traffic over non-standard TCP/IP ports.
The Seam Hub comes equipped with its own WiFi and mesh network radios. All devices are sandboxes from your local area network.
All communications between the Seam Infrastructure and Seam Hubs are encrypted.
Each device receives a unique token for communicating with our cloud API.
We forces HTTPS for all services using TLS (SSL), including our public website, dashboard, and gateway clients.
We use HSTS to ensure browsers interact with Seam only over HTTPS and we are working on adding Seam on the HSTS preloaded lists for major browsers.
We sign all webhook request to your servers so that you can verify their authenticity.
We do not store your Seam API key in clear and have no ability to decrypt it.
Seam API credentials are branded and submitted to major credential scanning programs to help prevent leaks from accidental version-control commits.
We can run your Seam Infrastructure separately from other Seam customers. We are also exploring letting you run Seam on your own servers for additional control and isolation. *(upon request)
We scan our own software stack for vulnerabilities and perform updates when detected.
(coming soon) -- We support Single-Sign-On to give you greater control over who has access to your Seam apps, as well as permissions for finer granularity of resource access.