Have a question?

What is Dekko?

Dekko is a secure, cloud-based communication platform providing file storage with powerful sharing capability, document approval, messaging and video conferencing. Running on a combination Microsoft Azure and Oracle Cloud, it is appropriate for both consumers and B2B/B2C. It is free from spam and phishing, prevents leaks and misaddressing, has fully verified send and receive, an audit trail and user and group based security policies. Dekko runs in a web browser and uses TOTP for 2FA and is AAD integration ready.

How is my communication and data secured?

Dekko uses end-to-end encryption to secure all data uploaded and shared, messaged or sent and received in a video conference. Unlike other common communication platforms, we do not hold the keys to your data. Data passing through the network cannot be decrypted using information on the servers; the encryption and decryption process can only occur on the end-user’s device, and this is why no one else – including advertisers, hackers, or even Dekko’s creators or Microsoft Azure/Oracle administrators – can see your data. It is impossible to hijack a Dekko account and pretend to be someone that you are not without knowing the user’s password, and even then you can be protected by optional two-factor authentication.

How is Dekko different to other communication platforms?

Dekko is designed as a business-oriented solution, that provides secure file sharing, secure document approval, secure mail/chat and secure video conferencing as a single, web-based platform. End-to-end encryption means even Dekko can never read your data, and we don’t want to. Dekko relies on engineering solutions to provide privacy – not anonymity or secrecy. Dekko combines the security of popular privacy tools and the functionality of commonly used sharing tools in a package that is easy to implement, use and manage, providing a solution that is suitable for highly sensitive communication, content sharing and document approval.
Security is also managed completely transparently to users and administrators. ​ Dekko automatically handles all key management during registration and sharing and user are never required to opt in to security, nor are they able to opt out. Sharing securely on Dekko is very straightforward – users simply log in and send a message or file and no steps are required to secure any content.

How are my communications secured?

Every message, document and video conference on Dekko is secured with multiple layers of encryption and can only be read by the sender and the receiver, no one else. No information on the server or in transit can be used to decrypt and read the data. Even the creators of Dekko and administrators of a system using Dekko Secure cannot see user's data, since the user’s password is itself encrypted. ​

• There are no ‘back doors’ or master encryption keys; these only introduce vulnerabilities.

What infrastructure do you store user data on, and where?

DekkoVault uses Microsoft Azure Sydney and Melbourne regions to run the Dekko application and store user data in a HA configuration. DekkoLynx Conference media is handled on Oracle in Sydney.

Is Dekko safe? Has it been independently verified?

Enex TestLab performs regular independent claims testing on Dekko. Please contact us to obtain our latest report.

Do you support 2FA?

Yes! For regular Dekko accounts, 2FA is performed using the TOTP standard, meaning apps like Microsoft Authenticator, Google Authenticator or open source alternatives can be used. Azure Active Directory accounts can also utilise MFA during the log in procedure based on the parent organisation’s security policies. AAD can also specifically target Dekko for MFA, as well as other Conditional Access controls.

What is left on my device after logging out?

Locally, Dekko only stores what you are working on or what is cached during your session unencrypted. After you log out, your private key no longer exists and any data left on your device is useless. The tenancy tool can also be used set session expiry times.

What about my communications are secured? What information does Dekko log?

Dekko does not encrypt everything. Developed primarily as a business solution, Dekko is a privacy tool; it is not an anonymity tool. Without any action required other than pressing ‘send’, Dekko secures the following using end-to-end encryption:

• File names

How are accounts secured?

Accounts are secured by your password, which Dekko does not (and can not) know. Your public and private keys are generated during registration, and your private key is encrypted using your password before it is sent to our servers. Passwords are hashed and salted before they are sent to our servers.

How do you authenticate users at sign up?

By default, all accounts must perform an email verification before they are able to log in for the first time. The tenancy tool can be used to enforce all invitees in tenancy DekkoHUBs to also perform an SMS verification.

How do you delete data?

When data and accounts are deleted, two things happen. First, the keys for all data subject to deletion are deleted. Following that, this encrypted data is overwritten with garbage data.