Security & Compliance

From encryption to decentralized storage, every layer of our platform is built to ensure that only you control your data while meeting global compliance requirements.

Encryption

All data is secured with enterprise-grade encryption standards, both in transit and at rest, with user-controlled keys to ensure privacy.

Multi-Layer Encryption

Client-side encryption before upload
Transport layer security during transmission
Storage encryption on IPFS nodes
Key management under your control

Encryption Standards

AES-256 for symmetric encryption
RSA-4096 for key exchange
TLS 1.3 for transport security
PBKDF2 for key derivation

Decentralized Storage

Filedgr uses IPFS to distribute encrypted data across a global node network, ensuring redundancy and no single point of failure.

Benefits of IPFS

No single point of failure - Data distributed across multiple nodes
Content addressing - Files identified by cryptographic hash
Automatic deduplication - Identical files stored only once
Global accessibility - Retrieve from nearest available node

Storage Flexibility

The platform's attestation can be applied to data stored:

On-premise - Your own servers and infrastructure
In the cloud - AWS, Azure, Google Cloud, or other providers
On decentralized networks - IPFS, Arweave, or similar protocols

You maintain complete control over where your data physically resides.

Granular Access Control

You decide exactly who can access what and when. Control who accesses your data with flexible, role-based permissions and advanced security features.

Permission Levels

NONE - No access to the vault
VIEWER - Read-only access to data
EDITOR - Modify content and add data
ADMIN - Full control including permissions
CUSTOM - Define specific permissions

Access Features

Time-limited access with automatic expiration
IP address restrictions for additional security
Device-specific permissions for mobile access
Multi-factor authentication requirements
Activity logging for all access attempts

Multi-Factor Authentication

Enhance account security with multiple authentication options:

Supported Methods

Authenticator Apps - Google Authenticator, Authy, 1Password
SMS Verification - Text message codes
Email Verification - Email-based codes
Hardware Keys - FIDO2/WebAuthn security keys
Biometric - Fingerprint and face recognition (mobile)

Configuration Options

Mandatory MFA for specific roles
Backup codes for account recovery
Trusted devices for reduced friction
Session management with automatic timeout

Compliance & Regulations

Filedgr is built with privacy-by-design principles, to meet stringent regulatory frameworks like GDPR, CCPA, and HIPAA.

Data minimization - Collect only necessary data
Purpose limitation - Use data only for stated purposes
Consent management - Clear opt-in/opt-out mechanisms
Right to erasure - Delete personal data on request
Data portability - Export data in standard formats
Privacy by design - Built-in privacy protections

HIPAA Compliance

Administrative safeguards - Access controls and training
Physical safeguards - Secure data centers and devices
Technical safeguards - Encryption and audit logs
Business associate agreements - Proper vendor relationships

Other Standards

CCPA - California Consumer Privacy Act compliance
SOC 2 Type II - Security and availability controls (in progress)
ISO 27001 - Information security management (in progress)
NIST Framework - Cybersecurity best practices

Zero-Knowledge Architecture

Filedgr ensures that even platform administrators cannot access your encrypted data, with keys under your sole control.

Key Principles

Client-side key generation - Keys created on your device
End-to-end encryption - Only you can decrypt your data
No plaintext storage - We never see unencrypted content
Cryptographic verification - Prove integrity without revealing data

Technical Implementation

Your Data → Client-Side Encryption → IPFS Storage
     ↑                                      ↓
Your Keys ←――――――― You Control ―――――――→ Verification

This ensures that privacy is not just a claim, but a verifiable design principle.

Audit & Monitoring

Real-time monitoring and immutable audit logs provide transparency and compliance-ready evidence.

Real-Time Monitoring

Access attempt logging - Every login and data access
Permission change tracking - Who modified what permissions
Data modification alerts - Notifications of changes
Suspicious activity detection - Unusual access patterns

Audit Trail Features

Immutable logs - Cannot be altered after creation
Blockchain anchoring - Cryptographic proof of log integrity
Detailed timestamps - Precise timing of all events
User attribution - Clear identification of actors
Export capabilities - Logs available in multiple formats

Compliance Reporting

Automated reports for regulatory requirements
Custom dashboards for security teams
Alert configurations for policy violations
Integration APIs for SIEM systems

Network Security

Filedgr’s infrastructure is protected against threats to ensure continuous availability and data integrity.

Infrastructure Protection

DDoS mitigation - Protection against distributed attacks
CDN security - Global content delivery with security features
Rate limiting - Prevent abuse and resource exhaustion
Intrusion detection - Monitor for malicious activity

API Security

Authentication required - No anonymous access
Rate limiting per user - Prevent API abuse
Request validation - Input sanitization and validation
CORS protection - Secure cross-origin requests

Incident Response

Filedgr maintains a robust incident response plan to detect, contain, and recover from security events.

Response Plan

Detection - Automated monitoring and alerting
Assessment - Determine scope and severity
Containment - Isolate affected systems
Investigation - Root cause analysis
Recovery - Restore normal operations
Communication - Notify affected users

User Notifications

Security alerts for account-specific issues
Platform updates for system-wide events
Resolution status - Progress updates during incidents
Post-mortem reports - Lessons learned and improvements

Data Retention & Deletion

Filedgr balances user control with compliance needs, ensuring secure deletion while maintaining auditable records.

How Deletion Works

File Removal -You can remove files from active storage immediately.
Metadata Preservation - However, for audit and compliance purposes, the permanent blockchain verification records remain preserved. This ensures regulatory proof even after a file is deleted.
Cryptographic Erasure: - When files are removed from our systems, cryptographic erasure is used to make the data unrecoverable, ensuring secure deletion.

Retention & Recovery Policies

User-Controlled Retention: - You can set your own data lifecycle and automatic expiration policies to align with your needs.
Grace Period Recovery: - Deleted files are recoverable for a grace period, which may vary depending on your subscription tier. This allows you to restore accidentally deleted data.
Legal Hold: - For compliance and legal requirements, data can be placed on a legal hold, preserving it beyond standard retention policies.

Balancing User Control & Compliance

Our policies are designed to meet both user expectations and strict regulatory standards.

GDPR Right to Erasure: - We respect a user’s right to request the deletion of personal data.
Audit Trail Preservation: - At the same time, we maintain the integrity of verification records to ensure a complete audit trail for compliance.
Account Closure - Even if you close your account, verification records remain preserved to ensure continuous auditability.

Certifications & Standards

Filedgr adheres to industry standards and undergoes regular security assessments to ensure compliance.

Current Compliance

Privacy by Design - Built into platform architecture
GDPR Ready - Full compliance with European privacy law
HIPAA Compliant - Healthcare data protection standards
SOC 2 Type I - Security controls assessment (completed)

In Progress

SOC 2 Type II - Operational effectiveness over time
ISO 27001 - Information security management system
PCI DSS - Payment card data security standards
FedRAMP - Federal cloud security authorization

Regular Assessments

Penetration testing - Quarterly security assessments
Code security reviews - Automated and manual code analysis
Vulnerability scanning - Continuous monitoring for threats
Third-party audits - Independent security validation

Getting Help

Security Questions

If you have questions about our security practices:

Security Documentation - Detailed technical information
Contact Security Team - Direct access to security experts
Bug Bounty Program - Report vulnerabilities responsibly

Compliance Support

Need help with regulatory requirements:

Compliance Guide - Step-by-step compliance information
Schedule Consultation - Talk with compliance experts
Documentation Portal - Complete compliance documentation

Best Practices

Learn how to maximize security:

Security Best Practices - Recommended configurations
Training Resources - Security awareness materials
Integration Security - Secure development practices

Security at Filedgr isn't an add-on feature—it's the foundation everything else is built on.

Encryption​

Multi-Layer Encryption​

Encryption Standards​

Decentralized Storage​

Benefits of IPFS​

Storage Flexibility​

Granular Access Control​

Permission Levels​

Access Features​

Multi-Factor Authentication​

Supported Methods​

Configuration Options​

Compliance & Regulations​

GDPR Compliance​

HIPAA Compliance​

Other Standards​

Zero-Knowledge Architecture​

Key Principles​

Technical Implementation​

Audit & Monitoring​

Real-Time Monitoring​

Audit Trail Features​

Compliance Reporting​

Network Security​

Infrastructure Protection​

API Security​

Incident Response​

Response Plan​

User Notifications​

Data Retention & Deletion​

How Deletion Works​

Retention & Recovery Policies​

Balancing User Control & Compliance​

Certifications & Standards​

Current Compliance​

In Progress​

Regular Assessments​

Getting Help​

Security Questions​

Compliance Support​

Best Practices​