4 minutes
Hubstaff Security Information
Here are some of the more commonly asked Hubstaff security questions:
How are the screenshots uploaded to Amazon S3? Specifically what ports and protocol?
Screenshots captured on our timer applications are uploaded via SSL over the standard HTTPS port (443)
Does the timer application initiate the upload of desktop screenshots or is this done from the server?
The timer application initiates all screenshot uploading, screenshots never pass through the server.
Are the screenshots encrypted at rest on the amazon servers? To be HIPAA compliant data needs to be encrypted at rest as well as in transit.
Screenshots captured on our timer applications are encrypting at rest and in transit, using AES-256 and TLS 1.2+.
Do you capture keyboard keystrokes or mouse clicks?
We do not capture or upload keystrokes or mouse clicks. We track and upload total seconds within a 10 min block where there was “activity” (mouse or keyboard usage) and the total seconds “worked” roughly every 10 minutes via SSL (port 443).
Who has access to my screenshots?
On the web dashboard, screenshot visibility is customizable—you can blur them or limit access by role. Please refer to our permissions guide to learn more about who can view your screenshots in the Hubstaff web app. Now, regarding access, please note that:
- Access to screenshots is never public. Instead, when screenshots need to be displayed, we generate signed, expiring URLs that are valid only for a short period.
- Access is tightly restricted using Amazon’s IAM policies, ensuring only authorized services and systems can interact with screenshot data.
- Amazon S3 complies with security standards such as SOC 2, ISO 27001, and HIPAA.
Hubstaff has chosen to store all screenshots on Amazon’s S3 servers. We have selected AWS because of its industry standard security levels, uptime of data, and speed. Amazon’s servers, however, will obfuscate screenshots. You can read more about Amazon’s security measures here: http://aws.amazon.com/s3/faqs/#How_secure_is_my_data
- Terms of Service: https://hubstaff.com/terms
- Privacy Policy: https://hubstaff.com/privacy
- Security Policy: https://hubstaff.com/security