Data Encryption & Key Management
Files.com encrypts customer data both in transit and at rest. Encryption is reviewed annually as part of the Files.com SOC 2 Type II audit.
Encryption in Transit
All data in transit is encrypted, across every connection type Files.com supports.
Web access is protected by HTTPS with TLS encryption. Insecure HTTP requests are automatically redirected to HTTPS.
FTP over port 990 requires 2048-bit SSL encryption. FTP over port 21 also supports 2048-bit SSL encryption and requires it by default; customers can optionally allow insecure FTP. SFTP connections use SSH encryption.
All inbound and outbound API and webhook traffic is encrypted using HTTPS with TLS.
Encryption at Rest
All customer file contents, including backups, are encrypted at rest using AES-256 encryption.
Sensitive configuration data is also encrypted using AES-256 with randomly generated initialization vectors. This includes:
- Cloud storage credentials (e.g., AWS S3, Azure Blob, Google Cloud Storage)
- SMTP credentials
- Active Directory / LDAP credentials
- SSL certificate private keys
- PGP/GPG private keys
Custom Encryption Options
Customers on Power and Enterprise plans may optionally apply customer-supplied GPG encryption keys to specific folders. This adds a layer of encryption that the customer fully controls.
SSL Certificate Management
Customers using a custom domain may request a free SSL certificate from Files.com or provide their own certificate from a trusted provider.
Encryption Key Management
Files.com uses HashiCorp Vault to manage encryption keys and secrets internally. For encryption at rest, key management and escrow are handled using AWS-native services.
Get The File Orchestration Platform Today
4,000+ organizations trust Files.com for mission-critical file operations. Start your free trial now and build your first flow in 60 seconds.
No credit card required • 7-day free trial • Setup in minutes