At the highest level and by necessity, SkyKick will always have the same level of access to customer data that is implied by the permissions of the credential the partner provides us. In order to back up the data, SkyKick needs access to the data. However, SkyKick maintains a strict access policy and a set of industry-standard mechanisms for ensuring the privacy and security of backed up customer data.

Additionally, SkyKick Cloud Backup only restores data to the original mailbox or site to prevent a non-owner of the mailbox or site from accessing its data.

We do the following:

• Per-contact AES-256 encryption backed by RSA 2048-bit public private key certificates managed via the Windows/Azure infrastructure for both credential management and user content.
• Certificates are separated by both environment (production/testing) and value type (credential/content).
• Engineer access is controlled on a needs basis by role-based access to both the compute infrastructure and the certificate private keys. Only engineers requiring access to deploy or trouble-shoot production environments are granted access to those environments.