Trust Center
Security & Privacy
We handle sensitive documents every day. Here is exactly how we protect them.
Minimal data collection
We only store what is needed to deliver the service. No tracking in the app or portal — optional consent-based analytics on marketing pages only.
Defense in depth
Multiple overlapping security controls — no single point of failure.
Transparency
We tell you exactly what we do with your data. No legalese hiding.
Infrastructure
Encryption in transit
All connections use HTTPS with TLS 1.2 or newer and modern cipher suites (ECDHE key exchange; AES-GCM or ChaCha20 encryption only, with no legacy CBC ciphers). OCSP stapling is enabled for fast certificate verification. Magic links, file uploads, and API calls are all encrypted in transit. HSTS is enabled with preloading. Encryption at rest depends on the hosting infrastructure and is not applied at the application level.
Browser security headers
Strict Content Security Policy (no unsafe-eval), X-Content-Type-Options, X-Frame-Options (DENY), Permissions-Policy, Cross-Origin-Opener-Policy, and Referrer-Policy headers are set on every response. Referrer-Policy is set to no-referrer to prevent magic link tokens from leaking via referrer headers.
Secure magic links
Each recipient gets a unique token generated with a cryptographically secure random generator. Tokens are hashed before storage — raw tokens are never persisted. Links expire automatically after the request deadline. Optional access-code protection adds a second verification layer with PBKDF2-hashed codes.
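The token lifecycle described above, as an added illustration that is not the service's own code: the raw token comes from a CSPRNG, only its SHA-256 digest is stored, the link is rejected once the request deadline has passed, and an optional access code is stored as a salted PBKDF2 hash and locked out after repeated failures (the in-memory store, the five-failure threshold and the iteration count are assumptions for the example).

```python
import hashlib
import hmac
import secrets
import time

# Assumed in-memory store for the example; a real deployment would use a database.
# Keys are SHA-256 digests of tokens, so the raw token itself is never persisted.
LINKS = {}
MAX_CODE_FAILURES = 5       # assumed lockout threshold, not stated on the page
PBKDF2_ITERATIONS = 600_000  # assumed; OWASP-recommended order of magnitude for SHA-256


def issue_link(recipient, deadline, access_code=None):
    """Create a magic link and return the raw token that is sent to the recipient."""
    raw = secrets.token_urlsafe(32)  # CSPRNG, 256 bits of entropy
    record = {"recipient": recipient, "deadline": deadline, "failures": 0}
    if access_code is not None:
        salt = secrets.token_bytes(16)  # per-code salt so equal codes hash differently
        record["salt"] = salt
        record["code_hash"] = hashlib.pbkdf2_hmac(
            "sha256", access_code.encode(), salt, PBKDF2_ITERATIONS)
    LINKS[hashlib.sha256(raw.encode()).hexdigest()] = record
    return raw


def verify_link(raw, access_code=None, now=None):
    """Return (True, recipient) on success or (False, reason) on failure."""
    now = time.time() if now is None else now
    # Looking up by digest means a leaked database does not yield usable links.
    record = LINKS.get(hashlib.sha256(raw.encode()).hexdigest())
    if record is None:
        return (False, "invalid")
    if now > record["deadline"]:  # links expire at the request deadline
        return (False, "expired")
    if "code_hash" in record:
        if record["failures"] >= MAX_CODE_FAILURES:
            return (False, "locked")
        candidate = hashlib.pbkdf2_hmac(
            "sha256", (access_code or "").encode(), record["salt"], PBKDF2_ITERATIONS)
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(candidate, record["code_hash"]):
            record["failures"] += 1
            return (False, "bad_code")
        record["failures"] = 0
    return (True, record["recipient"])
```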
Application
File validation & integrity
Every uploaded file passes five validation layers: a size limit, a content-type allowlist, extension-to-type matching, magic-byte inspection, and per-recipient quotas. SHA-256 checksums are stored on upload, and a periodic integrity verification task confirms that stored files remain intact. Every file is automatically scanned for viruses using ClamAV; infected files are rejected and deleted.
Rate limiting & abuse prevention
API endpoints are rate-limited per user and per IP. The recipient portal has separate, stricter per-token and per-IP limits. Login attempts are throttled per email+IP combination. Access code verification locks out after repeated failures. Password reset has per-email cooldowns to prevent enumeration.
Access control
Authentication & access control
JWT access tokens expire after 15 minutes; refresh tokens have a 7-day lifetime and are rotated, with old refresh tokens blacklisted on logout and on rotation. Optional TOTP-based two-factor authentication (2FA) via authenticator apps, with TOTP secrets encrypted at rest. Role-based access control with owner, admin, and reviewer roles. Passwords are hashed with PBKDF2, must be at least 10 characters, and are length-limited to prevent algorithmic-complexity attacks on the hash. Sensitive tokens are suppressed from all access logs. Session cookies use the HttpOnly, SameSite, and Secure flags.
Audit logging & monitoring
Login attempts, document submissions, and data deletions are logged with timestamps and metadata. Audit logs can be viewed in the dashboard and exported as CSV. Background tasks are health-monitored with alerting. Error-monitoring reports are scrubbed of PII before they are sent.
Data lifecycle
Data retention & deletion
Completed requests auto-purge after a configurable retention period (default 90 days). You can delete any request or your entire account at any time. All files are explicitly removed from disk with retry mechanisms for failed deletions. Every deletion is logged in an immutable audit trail.
GDPR tools
We operate as a Data Processor under GDPR. We provide a DPA, support data subject rights (access, portability, erasure), and offer self-service data export in JSON and CSV formats.