Emotion and journal entries can be very sensitive information. For the same reason we say “I’m fine” to most people, when we really are not, we don’t want notes, journal entries or emotion logs to fall into random hands. Security has been important to WeFeel from day one, and it exists on two sides: your phone and our cloud.
On your end, your entries are as secure as you want them to be. The first layer depends on what you use to make your phone or tablet secure. Does it take a fingerprint, pattern, or password to get into your phone? You have control of the security for your phone or tablet. You might want to consider updating the security of your phone if this is something that concerns you. One of the updates we are considering is adding an optional layer of security by letting you choose if a 4 digit pin is required to log and view entries. If that is something you want to see, let us know in the comments. You could push it up the priority list for development.
On our end of things there are multiple layers of security. The first one is that your information cannot be retrieved to a phone, tablet or computer without the same 3rd party authentication you originally set up. We support Google, Facebook, Twitter, and Microsoft authentication, and you choose which one you want to use. The next level is an optional pass phrase you can set up when you create your account that will double encrypt your files. That means that even if someone was able to guess who you authenticated with AND was able to get your username and password, they would still need to know your secret pass phrase to get your data. But it has to be something you won’t forget, because unlike your password to your email or other logins, we can’t retrieve it for you.
The last layer of security is our cloud. WeFeel uses the Microsoft cloud to store our data. Microsoft’s servers have a level of security and privacy that complies with storing other sensitive data, like medical records. Your data can only be accessed by you (and those you have shared with)* and it requires a long string of “dna” to find that data and send it back to you. We don’t use your email address or other identifiable information to mark your record in the cloud, which means even if someone was able to get past all the security we have in place and access the data they couldn’t identify you.