Security from the Hardware Up
Verified software chain
Sandboxed networks
SSL everywhere
At-rest data encryption
Behind the scenes.
Warrant Canaries
FISA
Seam has never received a secret government request to hand over user information.
Wire Tapping
Seam has never installed law enforcement software or equipment in our stack or network.
SSL Keys
Seam has never turned over our SSL keys or our customers' SSL keys to anyone.
Data Handover
Seam has never provided any law enforcement organization a feed of our customers' data.
Account termination
Seam has never terminated a customer because of political pressure.
Encryption modification
Seam has never weakened, compromised, or subverted any encryption at the request of law enforcement or a third party.
Data modification
Seam has never modified customer data at the request of law enforcement or a third party.
Under the hood.
Security Features
Hardware
Image Flashing
All Seam hubs are flashed with our own machines. We do not provide the image directly to a third-party.
Secure Boot
Our operating system verifies itself at boot time to ensure that it has not be tampered with.
Secure Enclave
We store hub credentials in the device’s secure enclave to prevent introspection.
Private/Public Key
The hub generates its own key pair. The private key never leaves the device. The public key is provided to our servers for verifying signatures.
Signed & Verified Updates
All over-the-air updates are signed. The signature is checked when it is received by the device. We use The Update Framework to provide additional guarantees, such as preventing update replay attacks.
Filesystem Signing
(coming soon) -- We sign the hub filesystem to prevent offline tampering of software while your hub is off.
Networking
NAT Traversal
We do not require opening new ports or allowing traffic over non-standard TCP/IP ports.
Network Sandboxing
The Seam Hub comes equipped with its own WiFi and mesh network radios. All devices are sandboxes from your local area network.
Secure Communications
All communications between the Seam Infrastructure and Seam Hubs are encrypted.
Unique Auth Token
Each device receives a unique token for communicating with our cloud API.
API & Services
HTTPS Everywhere
We forces HTTPS for all services using TLS (SSL), including our public website, dashboard, and gateway clients. We use HSTS to ensure browsers interact with Seam only over HTTPS and we are working on adding Seam on the HSTS preloaded lists for major browsers.
Webhook Signatures
We sign all webhook request to your servers so that you can verify their authenticity.
API Key Storage
We do not store your Seam API key in clear and have no ability to decrypt it.
Credential Scanning
Seam API credentials are branded and submitted to major credential scanning programs to help prevent leaks from accidental version-control commits.
Infrastructure Isolation*
We can run your Seam Infrastructure separately from other Seam customers. We are also exploring letting you run Seam on your own servers for additional control and isolation. *(upon request)
Vulnerability Scanning
We scan our own software stack for vulnerabilities and perform updates when detected.
SSO & Soles
(coming soon) -- We support Single-Sign-On to give you greater control over who has access to your Seam apps, as well as permissions for finer granularity of resource access.
Found something?
Vulnerability Disclosure
Email us at [email protected] You may encrypt your message using our public age key.
Aage1kvksztewlcvg6c0edf57d46sa6dqwdfcrskunfw9ntxmg7zvsfmsqv5tg8