FAQ

Frequently Asked Questions

One of the main advantages of Safevia is that instead of sending plain text or encrypting text and files on the server, it always encrypts content directly in the web browser on the sender’s device. Subsequently, decryption is done in the receiver’s web browser. Encryption/decryption key is never sent to the server and only used directly in the web browser.

Safevia is using the AES-GCM symmetric encryption algorithm with a 256-bit length key. In passwordless mode the key is generated randomly. In password mode the encryption key is derived based on password by PBKDF2 function with SHA-256 hash through 150000 iterations with a 128-bit random salt. These are strong, mature, and proven cryptography standards.​

Safevia focuses primarily on security. We believe that security and transparency should go hand in hand so that every user can verify how this service works. This is why all JavaScript source code files – including parts responsible for encryption and decryption – are fully auditable, which means: no minimization, no obfuscation, easily readable. So anyone familiar with programming can easily verify that:

• message text and files are not transferred in an unencrypted form to the server
• data on the server cannot be easily decrypted because the encryption/decryption key is protected
• way of encryption is valid and secure
In Safevia there’s no executable code in the service that cannot be managed by us. In particular, this site doesn’t use any external tracking and analysis services or commercial advertisement networks. What’s more, for cleanliness and safety, the source code does not have any code dependencies in the form of external libraries.

In case an indexing bot or preview generating bot would visit URL (because it has been sent through e.g. Gmail or Facebook), it won’t see an unencrypted message directly. Button has to be clicked manually or intentionally automated first to run decryption. Each such try to fetch encrypted messaged (even automated) will be logged. What’s more, in password-based mode content is fully protected from bots.

Without having access to the full link (URL address) to the message, no one from Safevia Administrators will be able to read the content. This means it is also much harder for hackers to intercept the content of all the messages and files. You don’t have to trust us, but you can trust the cryptography and code audit source.

Safevia Forms supports WordPress version 5.3 and newer. We test Safevia Forms on the newest version of each minor versions – eg on 18th July 2021 these have been:

  • 5.3.8
  • 5.4.6
  • 5.5.5
  • 5.6.4
  • 5.7.0
  • 5.7.1
  • 5.7.2

Although Safevia Forms has been tested to work, we echo the WordPress recommendation to use the newest version, as previous may not be safe to use due to issues in WordPress itself.

Our Products

Safevia Forms

A tool for encrypting contact, purchase and survey forms.

Safevia Messages

It will ensure safe transmission of sensitive data and files with customers and inside your company.

Safevia Chats

Encrypted corporate chat increasing the security of data transmission.

Coming soon!

Safevia e-Trade

A tool for safe trade in digital products.

Coming soon!

Coming soon!

Coming soon!

Dedicated solutions for ecommerce and webinar hosts

Products

Safevia Forms

Safevia Messages

Safevia Chats

Safevia e-Trade

Safevia

Follow us!