Is my data encrypted?

Yes, we use AES-256 encryption for storage and TLS 1.3 for data transmission.

Where is my data stored?

Your data is stored on AWS servers in US regions (us-east-1 and us-west-2). We use multiple availability zones for redundancy.

Are you SOC 2 or ISO 27001 certified?

We are not directly certified. However, our infrastructure runs on AWS data centers that maintain these certifications. We follow security best practices aligned with these standards.

No. We do not sell, rent, or share your data with third parties for their marketing purposes.

Document Security & Data Protection

Security

Last updated: September 2025
This page describes our current security practices and may be updated from time to time.

How we protect your documents
We use AES-256 encryption, AWS infrastructure, and multiple backup systems as part of our security practices.

Infrastructure
We utilize Amazon Web Services (AWS) for hosting. AWS maintains SOC 2 and ISO 27001 certifications for their data centers. We store files across multiple availability zones with versioning to help protect against data loss. Systems are monitored with automated threat detection.

Encryption
We use AES-256 encryption for document storage. Data travels over HTTPS using TLS 1.3 - an encryption standard commonly used by financial institutions. Database entries are encrypted at rest, API keys are hashed, and we use trusted authentication providers.

Access Control
You can control document access through:
- Setting expiration dates for links
- Requiring email verification
- Adding password protection
- Revoking access when needed

Network Security
Infrastructure protection includes Web Application Firewall (WAF), DDoS protection via Cloudflare, rate limiting, and periodic third-party security assessments. We maintain backup systems designed for point-in-time recovery with geographic distribution.

Data Privacy
Our practices include not selling user data to third parties or using documents for AI training without consent.
We aim to respond to:
- GDPR requests within required timeframes
- CCPA requests as required by law
- Data deletion requests per our retention policy
- Data export requests where technically feasible

Compliance and Standards
While not directly certified, we follow security best practices and utilize AWS infrastructure that maintains SOC 2, ISO 27001, and HIPAA compliance. We conduct security reviews and maintain incident response procedures.

Transparency
Important limitations:
Encryption protects file contents; some metadata is used for service operation
Share links remain active until revoked by the owner
AWS infrastructure certifications do not extend to our service

Contact
Security inquiries: contact us
For urgent matters, please indicate urgency in your subject line.

Technical Details
Infrastructure: AWS regions, S3 storage, MongoDB Atlas, Cloudflare CDN Encryption: AES-256 at rest, TLS 1.3 in transit, managed key systems

This information is provided for transparency purposes, may change without notice, and does not constitute a warranty or legal commitment. See our Terms of Service and Privacy Policy for binding terms.

Frequently asked questions

English

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Cookie Policy.