What information do you keep on your servers, how is it protected, and is it anonymized? What legal risk might a user face using your product?
All of our data is encrypted; we only require a few items from you about your personal information including, but not limited to, email, WiFi credentials (encrypted), username, and timezone.
As far as legal risk, we recommend you know your local laws and follow them.
Why do you need the wifi credentials? I can understand the device itself needing the credentials bit not your server. I am a pentester and now I’m eager to get my grobo and try hacking it. You can bet I’m going to do a whole audit on it.
Good question. The credentials are needed to connect the Grobo but they aren’t stored on the servers.
They’re simply passed from the device (computer/smartphone) to the unit during the WiFi pairing process and are stored on the unit with encryption. To remove WiFi credentials simply factory reset your Grobo and the credentials will be wiped clean.