Here are some of the more commonly asked Hubstaff security questions:

Question:

How are the screenshots uploaded to Amazon S3? Specifically what ports and protocol?

Answer:

Screenshots captured on our timer applications are uploaded via SSL over the standard HTTPS port (443)

Question:

Does the timer application initiate the upload of desktop screenshots or is this done from the server?

Answer:

The timer application initiates all screenshot uploading, screenshots never pass through the server.

Question:

Are the screenshots encrypted at rest on the amazon servers? To be HIPAA compliant data needs to be encrypted at rest as well as in transit.

Answer:

Screenshots captured on our timer applications are encrypting at rest and in transit, using AES-256 and TLS 1.2+.

Question:

Do you capture keyboard keystrokes or mouse clicks?

Answer:

We do not capture or upload keystrokes or mouse clicks.  We track and upload total seconds within a 10 min block where there was “activity” (mouse or keyboard usage) and the total seconds “worked” roughly every 10 minutes via SSL (port 443).

Question:

Who has access to my screenshots?

Answer:

On the web dashboard, screenshot visibility is customizable—you can blur them or limit access by role. Please refer to our permissions guide to learn more about who can view your screenshots in the Hubstaff web app. Now, regarding access, please note that:

Hubstaff has chosen to store all screenshots on Amazon’s S3 servers. We have selected AWS because of its industry standard security levels, uptime of data, and speed. Amazon’s servers, however, will obfuscate screenshots. You can read more about Amazon’s security measures here: http://aws.amazon.com/s3/faqs/#How_secure_is_my_data

 

Back to top