Security from the Hardware on Up.
We designed and built Seam from the ground upto protect both privacy and security.
Pinned firmware certs
Sandboxed networks
SSL everywhere
Data encrypted at rest
Warrant Canaries:
Removal of a canary shall imply that Seam has received one or more legal procedure preventing it from making such statement.
About Warrant Canary (EFF) →FISA
Seam has never received a secret government request to hand over user information.
Wire Tapping
Seam has never installed law enforcement software or equipment in our stack or network.
Account Termination
Seam has never terminated a customer because of political pressure.
SSL Keys
Seam has never turned over our SSL keys or our customers' SSL keys to anyone.
Data Handover
Seam has never provided any law enforcement organization a feed of our customers’ data.
Data Modification
Seam has never modified customer data at the request of law enforcement or another third party.
Encryption Modification
Seam has never weakened, compromised, or subverted any of its encryption at the request of law enforcement or another third party.
Security & Privacy Features
A rapid overview of our security & privacy features
Firmware pinned tokens.
At the factory, each device receives a unique authentication token for communicating with our cloud API. This ensures that devices don't have to share a common provisioning key or risk time-of-first-use attacks when connecting to our API for the first time once they've left the factory.
(coming soon)
Full disk encryption.
Our gateway has full-disk encryption to protect leakage of sensitive device data.
Sandboxed IOT Devices.
No need to expose your wifi to IoT devices. Our hub comes equipped with its own wifi and mesh network radios and firewalls all your IoT devices from your local area network.
Don't poke holes in your firewall.
Secure Tunneling to cloud.
Our hub established a secure tunnel with the Seam API using a uniquely generated certificate.
SSL all the things.
HTTPS everywhere.
We forces HTTPS for all services using TLS (SSL), including our public website, dashboard, and gateway clients. We use HSTS to ensure browsers interact with Seam only over HTTPS and we are working on adding Seam on the HSTS preloaded lists for major browsers.
At-rest data encryption.
All data tied to your device and usage, such as device events and action requests, are encrypted at rest. The private key for decrypting this data is only accessible to a strictly controlled list of individuals within Seam.
Webhook signatures.
We cryptographically sign all webhook request to your servers so that you can verify their authenticity. Furthermore, we provide you the ability to add HTTP Basic Auth credentials for Seam to make such requests to your servers. These credentials are encrypted at rest.
See Webhook Docs →(Available upon request)
Cloud infrastructure isolation.
Seam can host on infrastructure physically separated from the data belonging to other customers. Please contact us if your application requires such a setup.
SSO and Granular Roles
Seam’s internal dashboards support SSO and granular roles to scope data access within your organization.
Found a Vulnerability?
Email us at [email protected] Please encrypt your message using our public age key:
age1kvksztewlcvg6c0edf57d46sa6dqwdfcrskunfw9ntxmg7zvsfmsqv5tg8