Our job is to worry about the finer details of how your data is secured, so you don’t have to.
Here’s a short list of what you can expect from our product.
Private by default
The only thing we know about you is a random uno-specific identifier, a public key. Even if we tried, we can’t sell your data because we don’t have any of it. 3rd party OAuth flows terminate on your devices and do not hop through our servers. We never see your data or credentials.
Local data ownership model
Your data is only available locally to client software running on devices you own. It never appears unencrypted on our infrastructure. Furthermore, you are the source of truth regarding the contents of the data, not our servers. Your data is truly yours.
We use modern best practice elliptic curve 25519 cryptographic algorithms to encrypt your data and to sign messages between components and users within our system. Your secret data is mathematically indistinguishable from random noise and provably authentic and accurate.
Our social key custody feature is built atop standard private key backup and storage primitives born out of the crypto wallet community. SLIP-0039 is a battle tested protocol for splitting and recombining private key material.
Our software is written in modern, memory safe languages like Rust, Swift, and Typescript. This means there is a far smaller surface area for traditional exploits and vulnerabilities to appear in our software.
Finally, trust is a two way street. Our software is open source so it can be audited by the security community and so you can verify every one of our statements. Check out our Rust reference implementation at: https://github.com/withuno/identity. If you are curious about more details, please explore our product design and engineering blog.