Only you and your partner can see what you create and share in Avocado (except for maybe people looking over your shoulder). First, let's talk about the text information you can send within Avocado.
The text data you send to each other, including all messages lists, and events, are encrypted on our servers — and every couple has a unique encryption key. Even if we're hacked and data is stolen, an attacker would just see a bunch of garbled nonsense. Another way of putting this for those with more engineering knowledge is that nearly all data "at rest" at Avocado is encrypted. Specifically, we store your information as JSON whose properties are encrypted using your password and some other information.
But what happens to that data in transit? Well, Avocado attempts to maintain computer-to-server encryption from any of your devices to our servers. All of our connections occur over SSL/TLS and we redirect any non-secure calls to our secure URLs, though we recently disabled SSLv3 in response to POODLE. Despite this secure layer, there’s some important caveats to this:
1) When using a web browser and typing http instead of https, there’s a very brief moment where the server is redirecting to our SSL that could potentially be vulnerable to cookie hijacking. We tell people using our web app to type https://avocado.io to avoid this. We also attempt to automatically redirect folks to https.
2) Information sent via networks in some countries may be subject to different levels of inspection and thus exposed to vulnerabilities outside the usual scope of encryption.
3) Avocado Software makes no claims of defense regarding a new understanding of US government involvement in efforts to bypass encryption as a part of a worldwide inspection of data.
In most cases, however, just using our mobile app (or our web app, so long as HTTPS was typed in the URL) over a public network will still result in that communication occurring over a secure socket.
With regards to images, they are stored at AWS and are the only at-rest data stored unencrypted. When uploading photos for each other they can only by you two in your shared media gallery.
The images you share between each other can be accessed in two different ways. The first is rarely done by Avocado users, where a private image is converted manually to a public image by explicitly sharing it to Twitter or Facebook via our phone apps. This creates a web page that can be seen publicly by anyone so we can support that kind of sharing. Again, this is a manual-only process selected by you. Nothing is ever automatically shared to any 3rd party social service ever or ever will be.
The second is a private image personally sent from you to another person and stored online in a manner used by other services like Facebook, Flickr, and others. Like these other services, our image URLs have 2 characteristics that make them nearly impossible to "get".
1) The URLs are computationally unguessable. We've encrypted its unique identifier with enough length and obfuscation that a computer won't easily be able to randomly generate it. (To be clear, it would actually take billions of attempts for an amazing computer to guess even a single image URL.)
2) There's no user information stored with the photos. Even if the URL was accidentally copied and pasted by an Avocado user, that URL cannot lead back to the user in any way, shape, or, form.
For any sort of breach, one person in the couple would have to send the URL to someone or something malicious would have to occur within the browser or over the internet access you're using but, in that case, the malicious entity would have access to a lot more than a photo URL, they'd have access to cookies, passwords, and more.
Please note that the risk to privacy is magnified greatly if people copy, paste, or otherwise share photo links with someone outside of Avocado, we think everyone using our app should be cautious before doing that.
We take privacy very seriously at Avocado, so please feel free to ask us anything about privacy & security in detail.