Luciditi was designed from scratch in 2017 as a highly secure, cloud-based identity and data sharing product. Obviously you would expect us to say that it was secure and you would also expect us to employ state of the art encryption technology under the hood. However, without revealing anything that would compromise its security, here's how we have approached it.
There are multiple facets to the Luciditi Service which work in concert to provide a seamless user experience. Briefly, key elements comprise of Data Storage, Web Services, Web and Mobile Applications, Encryption Key Storage and System Monitoring.
We employ physical separation of user data from application data ensuring that there is no single 'honey pot' of data. Even if user data was stolen, there would be no way to tie it to a specific user, nor could it be read without the owner of that data's encryption key.
Each individual data item (eg Name or Date of Birth) is stored and encrypted separately so just retrieving information about one person requires multiple requests and knowledge that not present within the same data set.
The Luciditi Data service runs on entirely separate hardware, accessible only to the Luciditi Service and never the outside world. The only way to retrieve data from it is via Luciditi itself.
Data is transferred between architecture elements using a combination of high-strength symmetric and asymmetric encryption (also known as 'public key encryption'). Encrypted data can only be read by the owner of the private key which is held individually by Organisations or App users - not Luciditi. It's not possible for us or anyone else to read your data.
No data is stored in the Luciditi app so losing your device does not mean losing your data.
The app is further secured by pin or biometrics (device dependant) and certain 'account actions' require password confirmation.
Data hashes and digital signatures prove the authenticity/immutability of data so that you can be sure that when you receive data from someone else, it cannot have been modified since it was first attested by a trusted authority.
What all this means is that the Luciditi is secure. More importantly, you and only you can read your data unless you give someone your explicit consent to read the data you choose. That's why you can trust Luciditi to hold and exchange your data.