Born to be secure to Security at its best

Data encryption and robust security

Sendwin was built with security in mind from the start. We understand that managing your sessions entails a considerable deal of responsibility, and this informs all of our actions. We want to be completely transparent, so please read the following page for answers to the most often asked security questions.

What's the story behind Sendwin?

Sendwin is made up of three primary parts: a server that handles administrative activities, a data store that stores user information, and a browser plugin.

Sendwin is active all over the world.

We choose not to create our own infrastructure and instead depend on third-party cloud providers with unlimited capacity to deliver a rock-solid and secure platform. Before deciding on a cloud provider, we look to see whether their privacy and security policies and certifications fit our needs.

What is the location of my data?

Save sessions and unsaved sessions are all supported by Sendwin. Each kind is kept in its own location, but they're all encrypted in such a manner that only the locally stored keys may decode them. Unsaved sessions are kept in the runtime memory of browser. Our data storage keeps track of synced cloud sessions. Unsaved sessions data are not sync to our server and stored at local storage of your browser.

Our servers are hosted on Amazon Web Services and are situated in the United States.

Our site is linked to our secure server, and our extension is operating on it.

What sensitive data does Sendwin store?

We are storing two kinds of information when you use Sendwin. We are storing metadata for your sessions which contains the following information: your session's color, icon, launch url, group and some other technical details. In some cases we also store your session's cookies.

How are my sessions protected?

The extra sensitive parts of your sessions are encrypted and decrypted on your device. We never send your cookies or other extra sensitive data to our servers without encryption. The keys which are required to decrypt your data are available only on your device and never sent to our servers or data stores.

We always use open-source cryptographic libraries and standard algorithms (AES-256 for symmetric operations and RSA 2048 bit for asymmetric operations). We never write our own cryptographic code or modify existing libraries.

Our components are always communicating through secure connections via Google cloud infrastructure.

Can Sendwin developers access my sessions?

No, they can't. Your session cookies are encrypted and cannot be decrypted without knowing your secret key. Your secret key resides on your computer and is never sent to us.

Are my local sessions protected?

We are using the same encryption mechanism for local sessions and synced sessions. If you log out from Sendwin your sessions cannot be decrypted until you log in again, even if someone has direct access to your computer.

What if I use Sendwin in Guest mode?

We are using the same encryption mechanism when you use Sendwin in Guest mode. However, someone, who has direct access to your browser could log you in and access your sessions. We recommend creating an account to password protect your extension. You can enable the "Turn off sync by default" option in the options menu, and use your extension like in Guest mode.

What can I do to secure my sessions?

To ensure the security of your sessions, create a Sendwin account. Choose a strong password and keep your password a secret.

What other data does Sendwin log?

Like other applications, we are logging some non-identifying usage data. This data is handled by Google Analytics, and it doesn't contain any sensitive information and it is anonymous.

If some error happens we create crash logs. We use these crash logs to stabilize our application and proactively fix possible problems. All sensitive data is filtered from these logs at device level and no sensitive data is sent.