Crisp takes your security and the security of your website visitors very seriously. Our team has implemented security best practices at every level.

Ubiquitous Encryption

Encryption has become so cheap and convenient today that it's now possible to enable it everywhere. All public network channels on the Crisp platform are fully encrypted. This applies to both asset loading (Web resources) and real-time chat channels (user messages and user data).

Our encryption techniques implement state-of-the-art practices:

Strong TLS keys: RSA, 2048 bits
Elliptic-Curve Cryptography
Forward-Secrecy with Diffie-Hellman parameters
HTTP Strict Transport Security

We dropped legacy encryption methods to mitigate known attacks:

The old SSL protocol is completely disabled (we use TLS)
Legacy ciphers are disabled (e.g. RC4)

This allows you and your users to stay safe:

Hide the data as it is being transmitted on the network
Prevent all modification of data as it is being transmitted on the network
Prevent MITM (man-in-the-middle) attacks
Allow the service to work on restricted networks, over strict proxies

Infrastructure Hardening

Server hardening is also critical in ensuring the best security for our users.

Here are some of our practices in terms of infrastructure management:

All Crisp domains are protected with DNSSEC
Server authentication using protected SSH keys
SSH services are not publicly reachable and are limited to a set of allowed IPs
Abusive IPs are automatically banned or rate-limited (prevents brute-force attacks on accounts)
Denial-of-service protections are set everywhere (this ensures service resiliency under attack)
Messaging servers are hosted in 🇳🇱 The Netherlands
Plugin servers are hosted in 🇩🇪 Germany
All the servers and services run the latest security updates and are patched immediately when a kernel vulnerability is published

Security Practices In Our Team

Our whole team implements strict security practices regarding how they access their accounts:

Crisp has always refused to sell any data, and our policy is to respect your data privacy. Our business model is based on paid Crisp subscriptions, not on your data
Two Factor Authentication on third-party services Crisp uses
Our SSH keys are all password-protected
All the features are designed around security and reliability
Every computer running Crisp development tools is secured and up to date
All Crisp employees, agents, and providers are trained in data-security practices.

If you have questions regarding Crisp security, chat with us!