Encryption
Data in transit

All communication between clients and Rockhopper is encrypted with TLS 1.2 or higher. Unencrypted connections are never accepted.

Channel | Protocol
Web application | HTTPS (TLS 1.2+)
Excel add-in | HTTPS (TLS 1.2+)
Google Sheets sidebar | HTTPS (TLS 1.2+)
Real-time updates | WSS (TLS-encrypted WebSocket)
Microsoft Graph API | HTTPS (TLS 1.2+)
Google APIs | HTTPS (TLS 1.2+)

SSL certificates are managed and renewed automatically. All HTTP requests are redirected to HTTPS.

Data at rest

All persistent data is encrypted using AWS-managed encryption services:

Storage layer | Encryption
Database (PostgreSQL) | AWS RDS encryption with AES-256
Version snapshots (S3) | Server-side encryption (SSE-S3) with AES-256
Secrets and credentials | AWS Secrets Manager with KMS

Authentication tokens

Rockhopper uses OAuth 2.0 for authentication with Microsoft Entra ID and Google Identity. Microsoft access tokens are:

- Held in memory only during the user's active session
- Never persisted to disk, database, or browser storage by Rockhopper
- Transmitted exclusively over encrypted channels

Google OAuth refresh tokens are encrypted and stored in the database to maintain persistent file access for change tracking.
Last updated