Sendbird server uses Transport Layer Security (TLS) and Secure Sockets Layer (SSL). All communications to and from the server use TLS/SSL encryption with both server-side and client-side authentication for devices. In addition, the server is securely managed in ISO 27001, SSAE-16, SOC 1, SOC 2, and SOC 3 certified data centers.
If needed, you can implement end-to-end encryption before messages are sent and after they are received but moderation tools and search features will not work properly.
One example of Sendbird’s security features is the file encryption feature, which prevents unauthorized access to shared files within a group of users. When this feature is turned on, all types of sent files and thumbnail images are first uploaded to the Sendbird server, and then encrypted by AES256. In a channel, encrypted files and thumbnail images are decrypted and accessed securely only by the users in the channel. Anyone outside of the channel and application won’t have access to these files and thumbnail images.
When the Chat SDK requests an encrypted file by its URL, the auth parameter should be added to the URL to access the file, which is specified with an encryption key of the user such as ?auth=RW5jb2RlIHaXMgdGV4eA==. With the specified key in the auth parameter, the Sendbird server first decrypts the file, then checks if the user belongs to the channel, and finally, allows the user to access and open the file in the channel.
Overall, Sendbird’s security features ensure that user data and files are protected and only accessible by authorized users within the appropriate channels.