How Secure Is Shuffle?

Shuffle uses VoIP technology for communications, and a secure content delivery network that protects your privacy. All personal information sent and received from the mobile app is authenticated and encrypted through SSL. 

Here's more information regarding the security of Twilio and Heroku, platforms we leverage to deliver Shuffle functionality.


Application security mechanisms and features for customer apps include:

  • SSL -- Twilio uses SSL 3.0 to encrypt bidirectional web session traffic between the customer application and Twilio. Twilio updates and renews the encryption methods when they expire.
  • Signature Validation -- Twilio cryptographically signs its HTTP requests with XTwilio-Signature HTTP headers for outbound requests to customers’ applications. This signature can be used to validate the authenticity of requests originating from Twilio to their application and protects against spoofing attacks. The request to the customer’s web application, which includes any POST fields and the final URL, is signed with the AuthToken as a key and HMAC-SHA1 to ensure the integrity of the capability tokens.

The above information, and more, can be found online here.


All the security information relating to Heroku can be found here.

Have more questions? Submit a request


Powered by Zendesk