Engineering > Security

Security at Procuret

Protection of data is our first priority. Whenever we make an engineering decision, security considerations come first and foremost.


Data are encrypted at rest and in transit.

At rest, data are encrypted using the AES-256 algorithm. This includes all backups. In transit between client devices and Procuret servers, data are encrypted using the Transport Layer Security (TLS) 1.2+ standard.

Access to encryption keys is tightly controlled.


All passphrases are hashed using the Argon2 algorithm and individually salted with 64 bits of random text. Procuret does not retain plain-text passphrases, and enforces secure passphrase content requirements.


Inside Procuret, access to data are strictly controlled. Employees can only access subsets of data strictly required for their task. Applications may only act on data as an agent of a properly authenticated and authorised human being.


Machines dealing with Procuret data do not have addresses on the public internet. Machines facing the public internet will not respond to any request from the internet other than HTTPS and ICMP. All HTTP requests are redirected to HTTPS with TLS 1.2+.