Those active sessions are further secured by regularly rotating the authentication keys within the session cookies, based on the user's unique Samewave account, from the core Samewave API to the user's device, preventing any possibility of man-in-the-middle attacks or other breaches between the client and the server.
Samewave’s servers are hosted with Heroku, a highly respected Platform-as-a-Service (PaaS) provider. Through Heroku we benefit from their stringent, industry-standard security compliance, including ISO 27001, SOC1 and SOC2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, Sarbanes-Oxley (SOX) and SSL 1048 bit. In addition, Heroku has a range of vulnerability management, environmental safeguards, and network, data and system security measures in place. For more detailed information, please refer to their security policy: https://www.heroku.com/policy/security.
We aim to keep our service safe for everyone, and we abide by responsible disclosure principles. If you are a security professional and have discovered a security vulnerability in Samewave, we greatly appreciate your help in disclosing it to us in a responsible manner, and we will respond to any such disclosures within 24 hours.