The security of our users is very important to us at Meta. Every choice we make and feature we add is examined with security in mind.
What We Keep
To provide you with lightning-fast search across all your cloud platforms and devices, Meta stores certain pieces of information about your files, as well as usage data from your interactions with Meta.
Cloud Account Tokens
When you integrate a cloud service with Meta, the industry standard OAuth protocol is used to synchronize your account. The credentials that Meta receives are then automatically encrypted before they are stored or transmitted, and are only accessible within our cloud system. Even if someone were to gain access to your Meta account, they still would not have access to the decrypted version of these credentials, so your other cloud accounts would remain safe and secure.
To automatically tag your files and provide you with the best possible search quality, Meta processes the content of your files. Where possible, Meta only sends extracted text from the document, leaving behind the rest of the content. The parts of a file that do get uploaded are encrypted by Google Cloud Platform’s built in tools and by Meta with industry standard AES-256 encryption. Employees of Meta do not have direct access to your files.
As soon as a file’s content enters our system, Meta analyzes it to produce tags and other searchable information from the document. These tags are sent to our database and search indices. Once the tags are stored, Meta erases the file from our system. Meta does not store your files.
Once your files have been analyzed, the basic metadata and extracted tags are stored in search indices that allow the most relevant results to be retrieved extremely quickly. Currently, this information is kept on high-performance enterprise servers hosted by Algolia. Their enterprise tier provides us with dedicated hardware specific to Meta. Once the tags and metadata we’ve extracted from your files are in this search index, no one has access to that content but you.
To continually improve the search quality and user experience that Meta provides, we leverage a number of common technologies that give us insight into user behavior. To monitor the performance, we use New Relic for our web and mobile apps. We also collect bug and crash report data through Sentry and Crashlytics.
As you modify and interact with files, Meta receives notifications from your cloud services and your Mac Client to efficiently keep your files up to date. We also keep track of search activity through an internal metrics system that securely stores data within Google Cloud Platform. This information is used to continually improve the quality of our searches and the user experience that Meta provides. Meta also reacts to your usage in real time to improve the quality of search results that you see.
Stripe Billing Token
Web Security Standards
We use HTTPS with the strictest security settings to ensure that users are always communicating securely with our servers. We also use a number of web security features to ensure that users can only communicate with us over encrypted connections.
Ongoing Security Efforts
We constantly audit our application for security vulnerabilities.
If you are a security researcher and have an issue to report, please responsibly disclose it to us. You can send us an email at firstname.lastname@example.org. We also have a bug bounty program set up at hackerone.com/metasearch that is currently in invitation-only mode. We plan to launch it publicly in the near future. If you would like to take part in that program now, just send us an email.