At Rvoke, we take privacy and security very seriously.
When our customers make a request to an organisation, we ensure that all data is encrypted and only the designated recipient of the request (e.g. the Data Protection Officer) is able to view the data.
When organisations respond to requests, data is encrypted in such a way that even we cannot view this data; it is encrypted with the subject’s public key. The private key is stored on the customer’s phone; we have no access to this.
We advanced levels of encryption of data at rest and in transit at the message and transport layer including use of the following;
Elliptic Curve cryptography using Ed25519 and Curve25519 Keys
Authenticated encryption with associated data (AEAD)