Shuffle uses VoIP technology for communications, and a secure content delivery network that protects your privacy. All personal information sent and received from the mobile app is authenticated and encrypted through SSL.
Application security mechanisms and features for customer apps include:
- SSL -- Twilio uses SSL 3.0 to encrypt bidirectional web session traffic between the customer application and Twilio. Twilio updates and renews the encryption methods when they expire.
- Signature Validation -- Twilio cryptographically signs its HTTP requests with XTwilio-Signature HTTP headers for outbound requests to customers’ applications. This signature can be used to validate the authenticity of requests originating from Twilio to their application and protects against spoofing attacks. The request to the customer’s web application, which includes any POST fields and the final URL, is signed with the AuthToken as a key and HMAC-SHA1 to ensure the integrity of the capability tokens.
The above information, and more, can be found online here.
All the security information relating to Heroku can be found here.