How Files.com Handles Customer Data
Files.com treats customer data as confidential by default. We do not access the contents of customer files, we do not use customer data for marketing or sales, and we apply tightly controlled internal access policies to the systems that store it. This page describes those practices and the responsibilities that fall to the customer under our Shared Responsibility Model.
Customer Data Handling
Files.com does not view, scan, or process the contents of customer-uploaded files unless the customer explicitly authorizes it.
Customer Data Classification
Files.com cannot know what data you store in the platform. Classifying that data, including identifying whether it contains sensitive information such as PII, PHI, or copyrighted material, is your responsibility as the customer. See the Shared Responsibility Model for the full split.
Metadata Access for Support and Operations
Files.com Customer Support and Engineering staff may access configuration settings, logs, and file metadata (not file contents) to troubleshoot issues and ensure system stability. Access is tightly controlled, logged, and granted only as needed.
Internal Data Access is Strictly Controlled
Only select senior, U.S.-based engineers have root access to production systems. These employees are full-time, background-checked, and bound by confidentiality agreements. Root access is not granted before one year of tenure except with executive approval. All direct access is logged.
Multi-Tenant Isolation
Files.com is a multi-tenant SaaS platform. Customers share the same underlying infrastructure but are isolated logically at every layer of the stack — application, storage, and caching. Security boundaries prevent one customer from seeing or affecting another customer's data or operations.
Within each Files.com service, customers are isolated by connection or RPC job. Each request is scoped to a single customer before it reaches the storage or cache backends.
Customer file contents are stored in Amazon S3, encrypted at rest with AES-256. Files.com uses one master bucket per region for customer data. Within that bucket, customer data is separated by S3 key (folder). S3 signing is centralized so that only operations associated with a single customer can sign an S3 request scoped to that customer's data — signed credentials cannot be reused to reach another customer's data.
Each region operates one Redis cluster shared across all services in that region. Within the cluster, each customer's data is confined to a distinct portion of the key namespace.
Beyond structural separation, namespace isolation and per-customer access controls enforce that no API call, signed URL, or background process can act on another customer's data.
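The centralized-signer model described above (a per-region bucket, customer data separated by key prefix, and signatures that can only be minted for one customer's keys) is easier to reason about with a worked example. The Python below is an added illustration written for this page, not Files.com's own signing code: it normalizes an object key, enforces that it lies under the tenant's prefix (delimiter included, so tenant "acme" cannot reach "acme10/"), and binds tenant, method, bucket, key and expiry into one HMAC as a simplified stand-in for AWS SigV4. The bucket name, secret and tenant ids are constructed sample values.

```python
import hashlib
import hmac
import posixpath
import time
from typing import Optional

# Constructed sample values for the example; not Files.com's real bucket names or keys.
REGION_BUCKET = "example-region-bucket"
SIGNING_SECRET = b"example-signing-secret-not-a-real-key"


class TenantScopeError(PermissionError):
    """Raised when a request names an object outside the calling tenant's prefix."""


def normalize_key(key: str) -> str:
    """Collapse '.', '..' and repeated slashes so the prefix check sees the real path."""
    if not key or key.startswith("/") or "\x00" in key:
        raise TenantScopeError(f"rejected key {key!r}")
    norm = posixpath.normpath(key)
    # normpath keeps a leading '..' it cannot resolve; such a key escapes any prefix.
    if norm in (".", "..") or norm.startswith("../"):
        raise TenantScopeError(f"rejected key {key!r}")
    return norm


def scoped_key(tenant_id: str, key: str) -> str:
    """Return the normalized key only if it lies under '<tenant_id>/'.

    The trailing delimiter matters: with a bare string-prefix check, tenant
    'acme' would be allowed to reach 'acme10/...'.
    """
    prefix = tenant_id + "/"
    norm = normalize_key(key)
    if not norm.startswith(prefix):
        raise TenantScopeError(f"tenant {tenant_id!r} may not access {key!r}")
    return norm


def key_in_scope(tenant_id: str, key: str) -> bool:
    """Boolean form of scoped_key for callers that only need a yes/no answer."""
    try:
        scoped_key(tenant_id, key)
        return True
    except TenantScopeError:
        return False


def sign_request(tenant_id: str, method: str, key: str,
                 ttl: int = 300, now: Optional[int] = None) -> dict:
    """Central signer: authorize the key for the tenant, then bind tenant, method,
    bucket, key and expiry into one HMAC (a stand-in for AWS SigV4, which binds
    the same request elements into its signature)."""
    norm = scoped_key(tenant_id, key)
    expires = (int(time.time()) if now is None else now) + ttl
    msg = f"{tenant_id}\n{method}\n{REGION_BUCKET}\n{norm}\n{expires}".encode()
    sig = hmac.new(SIGNING_SECRET, msg, hashlib.sha256).hexdigest()
    return {"tenant": tenant_id, "method": method, "bucket": REGION_BUCKET,
            "key": norm, "expires": expires, "signature": sig}


def verify_request(tenant_id: str, req: dict, now: Optional[int] = None) -> bool:
    """Backend-side check: the calling tenant must own the key and the HMAC must match.
    A credential minted for tenant A cannot be replayed by tenant B: B fails the
    prefix check, and B's tenant id would change the signed message anyway."""
    try:
        norm = scoped_key(tenant_id, req["key"])
    except TenantScopeError:
        return False
    if (int(time.time()) if now is None else now) >= req["expires"]:
        return False
    msg = f"{tenant_id}\n{req['method']}\n{req['bucket']}\n{norm}\n{req['expires']}".encode()
    expected = hmac.new(SIGNING_SECRET, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, req["signature"])


if __name__ == "__main__":
    url = sign_request("acme", "GET", "acme/reports/q1.csv", now=1_700_000_000)
    print(verify_request("acme", url, now=1_700_000_100))     # True
    print(verify_request("globex", url, now=1_700_000_100))   # False
    print(key_in_scope("acme", "acme/../globex/secret.txt"))  # False
```

The design point is that authorization happens inside the signer, before any signature exists, and again on verification: a key that normalizes outside the tenant prefix never gets a signature, and a signature that is presented with a different tenant id fails both the prefix check and the HMAC comparison.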
Within each shared service tier, customer connections are handled by the same operating-system processes that serve traffic from other customers. The stack includes industry-standard proxies (HAProxy, nginx), Files.com's custom SFTP and FTP server implementations, and standard HTTP application server libraries (Jetty for Java services, Puma for Ruby services, Gunicorn for Python services). Each connection or RPC job is scoped to a single customer before it reaches the storage or cache backends described above.
Multi-tenant proxy chains are exposed to a class of attacks — most prominently HTTP Request Smuggling — in which disagreements between front-end and back-end parsers can cause a request submitted on one connection to be interpreted as belonging to another. Files.com tracks public disclosures and CVEs against every parser in the stack — HAProxy, nginx, Jetty, Puma, Gunicorn, and our SFTP and FTP server implementations — and applies updates as part of the same-day critical-vulnerability remediation policy. New smuggling-class variants are patched and tested before deployment.
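The parser-disagreement problem above comes down to two components computing different body lengths for the same bytes. The standard mitigation at a front-end is to refuse any request whose framing is ambiguous rather than pick an interpretation. The Python below is an added example written for this page, not code from Files.com or from any of the proxies it names: it applies the framing rules of RFC 9112 to a parsed header list and returns a reject reason. The header sets at the bottom are constructed samples, not captured traffic.

```python
import re

_CL_VALUE = re.compile(r"[0-9]+")
# Transfer codings this front-end is prepared to understand.
_KNOWN_CODINGS = {"chunked", "gzip", "deflate", "compress"}


def check_request_framing(headers):
    """Return (ok, reason) for a list of (name, value) header tuples in wire order.

    Rejects every framing the RFCs treat as ambiguous so that a proxy and the
    application server behind it cannot disagree on where the body ends.
    """
    for name, value in headers:
        # Whitespace in or around a name is one way two parsers end up
        # disagreeing about which header they are looking at.
        if name != name.strip() or re.search(r"\s", name):
            return False, f"malformed header name {name!r}"
        # Line folding (obs-fold) is another; RFC 9112 says reject or unfold, never guess.
        if "\r" in value or "\n" in value:
            return False, f"line folding in {name} value"

    cl_values = [v.strip() for n, v in headers if n.lower() == "content-length"]
    te_values = [v.strip() for n, v in headers if n.lower() == "transfer-encoding"]

    if cl_values and te_values:
        return False, "both Content-Length and Transfer-Encoding present"
    # Identical duplicates are tolerated (RFC 9110 section 8.6); differing ones are not.
    if len(set(cl_values)) > 1:
        return False, "conflicting Content-Length values"
    for v in cl_values:
        if not _CL_VALUE.fullmatch(v):
            return False, f"invalid Content-Length {v!r}"
    if te_values:
        codings = [c.strip().lower() for v in te_values for c in v.split(",")]
        if codings.count("chunked") != 1 or codings[-1] != "chunked":
            return False, "chunked must appear exactly once, as the final coding"
        unknown = [c for c in codings if c not in _KNOWN_CODINGS]
        if unknown:
            return False, f"unknown transfer coding {unknown[0]!r}"
    return True, "ok"


# Constructed sample header sets for the example (not captured traffic).
SAMPLES = {
    "plain": [("Host", "example.test"), ("Content-Length", "12")],
    "chunked": [("Host", "example.test"), ("Transfer-Encoding", "chunked")],
    "cl_and_te": [("Content-Length", "12"), ("Transfer-Encoding", "chunked")],
    "dup_cl": [("Content-Length", "12"), ("Content-Length", "13")],
    "padded_name": [("Content-Length ", "12")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        ok, reason = check_request_framing(hdrs)
        print(f"{label:12s} {'accept' if ok else 'reject'}: {reason}")
```

A check like this belongs at the outermost parser in the chain, and the same policy should hold at every hop behind it: the isolation property the page describes depends on every component agreeing on the request boundary, which is only guaranteed when ambiguous requests are dropped before any component has to choose.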
Reducing Multi-Tenancy via the Files.com Agent
Customers who want to minimize the amount of customer data processed in shared multi-tenant infrastructure can deploy the Files.com Agent inside their own environment. When an Agent is in place, Files.com offloads backend processing of outbound connections to that Agent: the actual work of moving data to and from external systems runs on hardware the customer owns, in the customer's administrative domain, via an RPC job dispatched from the Files.com cloud. The shared multi-tenant control plane (Admin UI and API) still handles the customer's interactions with Files.com, but the data-path work executes inside the customer's perimeter. Files.com continues to expand the work the Agent can run on customer-controlled hardware.
This is the strictest isolation posture Files.com offers in the standard product, and is the same mechanism used in ITAR-aligned and CGR-aligned configurations.
Setting the Agent up for maximum isolation is not a drop-in deployment. Work with your Account Executive and Onboarding Engineer to plan the topology, scope the workloads that move to the Agent, and configure the connections that remain in the cloud.
Encryption in Transit and at Rest
All customer data is encrypted in transit using HTTPS and at rest using Amazon S3's server-side encryption. Customers on Power and Enterprise plans can also enable GPG encryption for file contents using their own encryption keys.
Customer Data Storage and Redundancy
Files.com stores the contents of customer files in the Amazon S3 Simple Storage Service. Objects are redundantly stored across multiple devices and facilities within an Amazon S3 Region. Amazon S3 regularly verifies data integrity using checksums and repairs any corruption using redundant data.
Metadata Storage and Backup Retention
Files.com stores customer metadata in Amazon Aurora. Multiple hot-backup servers operate across availability zones, and point-in-time restore capabilities are available for the prior 7 days. Full database snapshots are stored in Amazon S3 every 24 hours and retained for at least 7 days. Backups are audited as part of the Backup and Restoration Test Procedure.
Global Acceleration and Data Routing
To improve performance, customer-uploaded data may first pass through the region closest to the user before being stored in the selected storage location. Customers can disable this behavior by turning off Global Acceleration.
No Use of Customer Data for Marketing or Sales
Files.com does not sell customer data or use it for advertising purposes. Device identifiers such as cookies or IP addresses may be used on the public website for analytics and marketing, but this data is not tied to customer-uploaded files and is handled in accordance with applicable privacy laws.
Legal Requests and Disclosure Process
Files.com complies with lawful data disclosure requests under applicable jurisdiction. Our Privacy Officer reviews every request and handles it in accordance with our Privacy Policy.
Privacy Oversight and Contact
Files.com's Privacy Officer is Chief Legal Counsel Joseph Buszka. For privacy-related inquiries, customers may contact: privacy@files.com.