We don’t want your data
We believe Marshal is a valuable service that allows people to quickly, easily and securely see if they are unknowingly sharing exposed personal information through a cloud storage service like Dropbox or Google Drive. But it’s worth stating bluntly — we do not store nor do we want your data!
In the wake of data breaches like the one at Equifax, it’s more important than ever to be vigilant and protective of your personally identifiable information like Social Security numbers and credit card numbers. We never want to be another vector of exposure for you.
- Authorization is required. Marshal requires individual authorizations to each of your services via OAuth in order to access your files.
- We do not ask for your SSN or credit card number to complete your scan. Once you set your scan, our algorithms identify any (not just yours) of that exposed information sitting open in your cloud files. You never give us your information in order to find it.
- Your data never rests on disk. Our scanning is all done in-stream. That means as your files are scanned, they are not stored and data does not rest on disk.
- The entire process is encrypted. We encrypt your data throughout the scan to protect it — every request you make, all of your data throughout a scan, and all of your redacted threat fragments.
- Threat reports are sanitized and redacted. Only the person who authorized the report can see it, and only fragments of any exposed data found are kept. For instance, if we find a phone number, only the last four digits, along with its location in the document are kept so that you can easily find the threat and take appropriate action.
Marshal is a product of Onehub, a Seattle-based, venture-backed enterprise file sharing startup that was founded in 2008. We know how to keep your cloud data secure.
If you have any questions about Marshal or how it works, send us an email to email@example.com and we’ll be happy to answer it.