How Secure is the ShuttleCloud Email Migration App?
The ShuttleCloud Email Migration app utilizes the same technology that Google uses to migrate users on their consumer Gmail service.
Google maintains an incredibly high standard, and as a company with the distinct privilege of working with Google, ShuttleCloud is also held to a rigorous standard of security. In addition, in 2012, our team found security flaws in Google’s system and inducted an engineer into the Google Application Security Hall of Fame in Q2 2012.
How does ShuttleCloud Store Login Credentials?
For accounts on the G Suite domain, ShuttleCloud does not store login credentials. ShuttleCloud only stores a private key that our tool uses to authorize with Google. ShuttleCloud will never need any login credentials to migrate accounts within a G Suite domain that has ShuttleCloud installed.
After an application is downloaded from the Marketplace, permissions need to be granted before it can interface with G Suite. When a customer authorizes a third-party app, a key is generated that the application has to authorize with Google every time it needs to access the account. The key regularly changes, and the specific permissions for any application can be changed or removed within the G Suite Admin Console.
What about Accounts not on the Google Apps Domain?
We do need to store login credentials for user accounts not on the Google Apps domain. We always encrypt credentials before storing, and we split credentials onto multiple servers as an added precaution. Once the migration is complete, these are deleted.
Can ShuttleCloud Read My Emails?
The short answer is NO -- none of your emails are stored on our servers, and it is impossible for any of our staff to read your emails. Our migration tool never stores the content of emails; instead, it stores the header information of each email so that it can later ‘fetch’ that email from one IMAP server to another.
The header information that is stored by our tool is the source account, destination account, the size, date, and the message ID. The To and From fields are also hashed and stored, but the Subject line is not stored. With this information, the content of the email is not required for migration.
Once the migration completes, the header data and account credentials are purged from our servers.