Icon

Security from the Hardware Up

Check

Verified software chain

Check

Sandboxed networks

Check

SSL everywhere

Check

At-rest data encryption

Green Dots
Behind the scenes.

Warrant Canaries

Removal of a canary implies that Seam has received one or more legal procedure preventing it from making such statement. Learn more about Warrant Canary (EFF).

Check

FISA

Seam has never received a secret government request to hand over user information.

Check

Wire Tapping

Seam has never installed law enforcement software or equipment in our stack or network.

Check

SSL Keys

Seam has never turned over our SSL keys or our customers' SSL keys to anyone.

Check

Data Handover

Seam has never provided any law enforcement organization a feed of our customers' data.

Check

Account termination

Seam has never terminated a customer because of political pressure.

Check

Encryption modification

Seam has never weakened, compromised, or subverted any encryption at the request of law enforcement or a third party.

Check

Data modification

Seam has never modified customer data at the request of law enforcement or a third party.

Under the hood.

Security Features

Hardware

Image Flashing

All Seam hubs are flashed with our own machines. We do not provide the image directly to a third-party.

Secure Boot

Our operating system verifies itself at boot time to ensure that it has not be tampered with.

Secure Enclave

We store hub credentials in the device’s secure enclave to prevent introspection.

Private/Public Key

The hub generates its own key pair. The private key never leaves the device. The public key is provided to our servers for verifying signatures.

Signed & Verified Updates

All over-the-air updates are signed. The signature is checked when it is received by the device. We use The Update Framework to provide additional guarantees, such as preventing update replay attacks.

Filesystem Signing

(coming soon) -- We sign the hub filesystem to prevent offline tampering of software while your hub is off.

Networking

NAT Traversal

We do not require opening new ports or allowing traffic over non-standard TCP/IP ports.

Network Sandboxing

The Seam Hub comes equipped with its own WiFi and mesh network radios. All devices are sandboxes from your local area network.

Secure Communications

All communications between the Seam Infrastructure and Seam Hubs are encrypted.

Unique Auth Token

Each device receives a unique token for communicating with our cloud API.

API & Services

HTTPS Everywhere

We forces HTTPS for all services using TLS (SSL), including our public website, dashboard, and gateway clients. We use HSTS to ensure browsers interact with Seam only over HTTPS and we are working on adding Seam on the HSTS preloaded lists for major browsers.

Webhook Signatures

We sign all webhook request to your servers so that you can verify their authenticity.

API Key Storage

We do not store your Seam API key in clear and have no ability to decrypt it.

Credential Scanning

Seam API credentials are branded and submitted to major credential scanning programs to help prevent leaks from accidental version-control commits.

Infrastructure Isolation*

We can run your Seam Infrastructure separately from other Seam customers. We are also exploring letting you run Seam on your own servers for additional control and isolation. *(upon request)

Vulnerability Scanning

We scan our own software stack for vulnerabilities and perform updates when detected.

SSO & Soles

(coming soon) -- We support Single-Sign-On to give you greater control over who has access to your Seam apps, as well as permissions for finer granularity of resource access.

Found something?

Vulnerability Disclosure

Please review our Seam Vulnerability Disclosure Guidelines

and Email us at [email protected] You may encrypt your message using our public age key.

Aage1kvksztewlcvg6c0edf57d46sa6dqwdfcrskunfw9ntxmg7zvsfmsqv5tg8