The Rainbow application is used to transfer data from one cloud service account to another account. These two accounts may be on the same service or on different ones. This process takes place on your device (iPhone/ iPad, Android, Kindle, Mac or Web), and it does not use any server. Therefore, the Rainbow application "sees" your data as bytes, and it does not care about their content.
The Rainbow application requires from the user to enter his/her credentials (email and password) to login to a cloud service. Still, besides the MediaFire and Sugarsync services, you are directed to the service website to enter your credentials. This means that we do not have access to the data that you type in when you enter your credentials. For the other three services (MediaFire and Sugarsync), we provide a login screen, but again, we do NOT store your credentials.
Once the login is successful, we get a couple of keys from the service. We do save those keys on your device (iPhone / iPad / Android / Kindle/ Mac), but they are saved in a way that no one could use them. We also save the name that you give to each account, so that we know which keys to use when you click on an account.
All the above apply to the Mac and the Android version. The only difference is that these keys are now encrypted.
The iDrive cloud service is a little bit tricky. We tried to contact their support team several times, and we will kepp trying to contact them until we manage to use the OAUTH1 mechanism to protect your credentials. In the mean time, we provide our own login screen and we then save your credentials on the device.
The credentials are encrypted, and as with all the other services, the entire communication is encrypted. We do not save your credentials on our server, and we will never ask you for those.
The keys that we obtain from a service are stored on our server. But, they are encrypted. We use your password that you entered when you creaated the free Rainbow account to encrypt these keys. Your password is also stored on our server, but, it is not saved as plain text. Instead, it is hashed, so that nobody can tell what the actual password really is.
The new version allows a user to share files from Box, Dropbox, Google Drive, OneDrive, OneDrive for business, and SugarSync with a single link and for up to 11 days. Because the Rainbow application was created on the idea that it should protect user's credential, we do not store your credentials on our server, but only your files. More importantly, the entire comminucation with our server is secure, and if you wish, you can also passcode protect the link. This means, that if someone manages to guess the link to your files, without the password (s)he won't be able to retrieve your files. Nonetheless, as you well know, nothing is secure on the Internet, and thus you should be extremely careful about who you send that email and what files you are sharing.
Your files, along with the link, are deleted from our server when the link is expired.