At RamSync, it is YOUR data
Data security and data ownership: it’s a freaking big deal. The largest companies in the world are clamoring for more data, for more customer data (i.e., yours!), and fighting tooth and nail to obtain more.
That’s not necessarily good for us regular users or our privacy. Our personal information is bought, sold, and inspected at scale like a basic commodity, often without any of us knowing exactly what is collected or where it is going. Many “free” online services are actually paid for with all of our personal data, which we at RamSync believe is a dangerous practice.
At RamSync, we want to keep things simple and honest. We believe your data is yours, and yours alone. Your ideas, thoughts, and notes are valuable, and they belong to you. That is why we don’t read your notes, scan your research, or sell any form of your data to third parties. Simple right?
We Don’t Read Your Notes
Let’s re-state that: at RamSync we do not scan, skim, read, sell, or peek at your Notes. That would be rude. Only individuals you decide to share your Collections with can read your Notes. We only keep track of high-level metrics to ensure we are optimizing the system, building correct features, partitioning the database, and applying subscription limits correctly.
It is your data to delete. Seriously, we don’t keep shadow backups of your Notes, no back-end soft-deletes where nothing ever goes away. We don’t pull your data down or store it in other fringe locations with different security measures. This means when you delete a Note, it is gone forever. Permanent, as in it does not exist anymore. Poof!
We believe permanent deletions are critical in ensuring you have complete control of your data. So, be extra careful when clicking that delete button, there is no undo!
Public Collections/Sharing: Any collection can be shared or made public. If it is made public anyone with the URL can see it. Then, we may see or read public collections or collections you decide to share with us. Which is cool, as we love seeing what you build!
Quick Note: We have zero tolerance for illegal activities. Seriously just treat everyone nicely; we really don’t want to have the authorities asking us about an account. Please see our terms and conditions.
This brings us to RamSync cloud security. It’s a big topic which we take seriously and strive to keep our system as secure as reasonably possible. We use the best external provider for your login credentials: Microsoft Active Directory B2C. Microsoft Active Directory is one of the biggest heavy-hitters when it comes to credentials and login security. Seriously, Active Directory is used everywhere (almost), and Microsoft spends billions (literally) every year on security. This helps ensure your login and credentials are as secure with RamSync as anywhere else online.
For authentication into the RamSync platform, we use OAuth 2.0 Authorization Code Flow with Proof Key for Code Exchange (PKCE), which is more secure than the easier and outdated OAuth2 Implicit flow. It’s multiple best practices like this that add up. We are tech folks, nerds, and researchers. This means we are always trying to improve, it is a journey. We want to ensure RamSync is safe enough we can be proud to share the platform with our moms.
For payment processing, we leverage Stripe as part of our focus on a PCI DSS compliant payment strategy. Stripe provides the security and a strong history as one of the most competent companies in the business. We let Stripe do the heavy lifting, because well, that’s what industry-leading experts are for.
Lastly, we host the RamSync app and the RamSync website on two separate cloud platforms. We have other protections in place, and no, we are not going to list them all publicly here; that would be both boring and not very good operational security.
For the Lawyers: This is not a legal post, just a conversation
A couple of disclaimers: First, nothing in this post is legal, binding, contractual, advice, or something you should yell at us over. Please see our terms and conditions for any updates or additional information. We do collect cookies to help us better understand customers, usage, visitors, etc. This is basic cookie stuff, and we don’t sell it. Ever.
As always, we’d love to hear from you! If you have questions, comments, or thoughts, send us a note, we love notes!