We take security seriously. OSTREON Inheritance was developed by cybersecurity experts, with the highest cybersecurity standards.

To confirm that our security truly implements the highest standards in the industry, we conducted a pen-testing exercise with KPMG to ensure and validate our secured architecture. The results are straightforward: There is not even one security issue in the OSTREON Inheritance platform, and KPMG experts were unable to retrieve or access any resources from our servers. It can only make sense as we do not store the private encryption keys of our customers and we separate identified information kept for billing from customer data. This way, even if unauthorized entities gain access to the data, it remains unreadable without the corresponding keys.

We have made it unworthy for a hacker to even consider trying.

Remember - Not your private key, not your data!

While many platforms claim that they are 'secured', almost none is securing your data with your private encryption key, implementing the right security measures as described below, and running pen-testing by one of the big-four like KPMG.

With OSTREON Inheritance - your data is safe, secured, private, and anonymous. You can have peace of mind.

OSTREON Inheritance - Everything you need out of your digital inheritance platform.

In an era dominated by digital technologies and an ever-increasing reliance on the cloud, ensuring the security of sensitive information has become paramount. This is particularly true for companies storing valuable information, like financial institutions, insurance companies, or your digital inheritance platform. Where safeguarding digital assets is not just a necessity but a commitment to customer trust. OSTREON Inheritance takes comprehensive measures to fortify the security of its innovative digital inheritance platform. Let's delve into the cybersecurity protocols implemented in OSTREON, which include "Zero Trust" and "Zero Knowledge" principles, HTTPS encryption, AWS storage, and AES-256 encryption with our customer's private keys.

1. Zero Trust Architecture:

In OSTREON Inheritance, we embraced the Zero Trust security model, a paradigm that operates on the principle of "never trust, always verify." It’s reflected by encrypting each customer's data with his private key, which is never shared nor stored with OSTREON. so no one except the customer can access his data. No one including OSTREON employees, governments, unauthorized access, etc. For this reason, you can’t reset your password if you forgot it. We don’t have your key to decrypt your data and encrypt it again with your new key (based on your password). Zero trust is securing your private data.

This way, even if unauthorized entities gain access to the data, it remains unreadable without the corresponding keys.

2. Zero Knowledge Principle:

Building on the foundation of Zero Trust, OSTREON Inheritance adheres to the Zero Knowledge principle, ensuring that the company has minimal knowledge of the user's data. First, it means we don’t have your private key. Second, it means we store the minimum by law data we must store - billing data, and it’s stored on a separate and secured server, so there is no way to relate your billing data to your encrypted and secured inheritance data. We have zero knowledge about what you are storing and why.

3. HTTPS end-to-end Encryption:

OSTREON Inheritance implements HTTPS encryption throughout all the data in transit. This is achieved through the use of Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols, encrypting the communication between users and the platform. This ensures that any data exchanged, such as login credentials (hashed) or personal information, is protected from interception by malicious actors attempting to eavesdrop on the communication.

4. AES-256 Encryption with Private Keys:

OSTREON always encrypts and/or hashes your data on your local device before anything is sent to OSTREON cloud servers for storage. OSTREON servers are only used for storing your encrypted data.

For this encryption, OSTREON uses Advanced Encryption Standard (AES) with a 256-bit key length – a widely recognized and formidable encryption standard, the same used for banks and other financial institutions to protect sensitive customer information.

To provide an additional level of security, each customer's data is encrypted using a unique private key. This means that even if unauthorized access to the storage is achieved, the data remains encrypted and unreadable without the specific decryption key associated with that customer.

5. Two-Factor Authentication

OSTREON forces the usage of a Multi-Factor Authentication (MFA) for all connections to our web or mobile application. It is crucial in bolstering the security of digital systems and accounts due to its ability to add an extra layer of verification beyond traditional password protection. It validates who you claim you are.

By default, your authentication factor is an OTP code sent to your email, but you can easily change it to another supported method in the “my account” section. You can only bypass the two-factor authentication with your recovery code, in case you forgot your password or lost access to your two-factor authentication method.

Every time a customer creates a new beneficiary, OSTREON Inheritance automatically generates a unique 'copy' of their private key for each beneficiary. This unique key is split into two parts: something known only to the beneficiary and something known only to the algorithm. Access to the beneficiary space is exclusively granted to the individual possessing both parts of the key. This key will be activated only through a special access link delivered automatically to the beneficiary when the specific inheritance criteria are met, and access is possible only then. No one can access the beneficiary space before.

When the time comes, the OSTREON Inheritance application automatically unlocks access for the specific beneficiary. It provides them with a special link via email, along with the missing 'personal code' required to access their designated space. This process combines information set by the customer that only the beneficiary knows: a unique personal key shared automatically by email, access to the beneficiary's email inbox, and two-factor authentication (2FA). Only then can they access their personal beneficiary space.

As we mentioned - adhering to the highest security standards!

A: You can trust us for a few reasons:

A: No, your data is fully encrypted and/or hashed before leaving your local device. This means no one from the OSTREON team can ever see, read, or reverse engineer it to access your real data. OSTREON servers exclusively store encrypted and hashed data.

A: Your data is encrypted with your private key, which is never shared or sent to OSTREON servers. It's encrypted in your browser and sent to OSTREON in an encrypted and unreadable format, using the strong Advanced Encryption Standard (AES-256). As no one at OSTREON can decrypt and read your data under any circumstances, the same applies to a hacker, should they ever manage to hack OSTREON servers.

OSTREON takes extensive measures to secure its websites, applications, and cloud servers. Our server infrastructure and security are managed using the most advanced, secured, and proven AWS managed services. In the unlikely event of a hack and exposure of data, your information remains protected due to robust encryption and one-way salted hashing applied to your data and login credentials.

A: Yes, as a European enterprise, we are committed to complying with GDPR and CCPA to safeguard the privacy of our customers worldwide. For more details, please refer to our privacy policy.

A: Yes. OSTREON has rigorously tested its security infrastructure, collaborating with KPMG, one of the big-four vendors. The recent penetration testing exercise confirmed the platform's resilience against unauthorized access, assuring users of its robust security.

The results are straightforward: There is not one security issue in the OSTREON Inheritance platform, and KPMG experts were unable to retrieve or access any resources from our servers.

A: OSTREON utilizes AES-256 encryption with individual private keys for each customer. These keys are never stored on our cloud servers, ensuring end-to-end encryption. Even in the event of a breach, the data remains indecipherable without the corresponding decryption keys.

A: No, OSTREON does not store customers' private encryption keys. This additional security measure ensures that even if someone gains access to the encrypted data, decryption is impossible without the specific private key associated with each customer.

A: No, OSTREON does not store customers' private encryption keys. This ensures that no one within OSTREON can decrypt or access customers’ inheritance data. The only person with this ability is the customer themselves.

A: Every time a customer creates a new beneficiary, OSTREON Inheritance automatically generates a unique 'copy' of their private key for each beneficiary. This unique key is split into two parts: something known only to the beneficiary and something known only to the algorithm. Access to the beneficiary space is exclusively granted to the individual possessing both parts of the key. This key will be activated only through a special access link delivered automatically to the beneficiary when the specific inheritance criteria are met, and access is possible only then. No one can access the beneficiary space before.

When the time comes, the OSTREON Inheritance application automatically unlocks access for the specific beneficiary. It provides them with a special link via email, along with the missing 'personal code' required to access their designated space. This process combines information set by the customer that only the beneficiary knows, a unique personal key shared automatically, access to the beneficiary's email inbox, two-factor authentication (2FA), and only then can they access their personal beneficiary space. As we mentioned - adhering to the highest security standards!

A: Users can trust OSTREON due to its unwavering commitment to implementing and continuously improving industry-leading security measures. The combination of Zero Trust, encryption practices, regular testing, and privacy safeguards demonstrates OSTREON's dedication to safeguarding the confidentiality and integrity of users' inheritance data.

Contact us at support@ostreon.io, or using our chatbot at the bottom right corner.