Files.com provides customers with powerful tools to manage, secure, and control their data. This document outlines the features available to customers for configuring encryption, managing access, exporting data, and setting retention policies, as well as the responsibilities customers hold under the Files.com Shared Responsibility Model.

Customer-Controlled Encryption

Customers on Power, Premier, and Enterprise plans can enable GPG encryption for specific folders. When this feature is used, customers manage their own encryption keys, giving them full control over file-level encryption.

Storage Location Controls

Customers can select where their data is stored from multiple available geographic regions. On supported plans, different folders may be assigned to different storage regions. To meet data residency requirements, customers can disable Global Acceleration to ensure that data is only routed through their chosen storage location.

Data Retention and Deletion Settings

Files.com allows customers to configure custom retention policies, automatically delete expired files, and manually delete content at any time. When files are deleted, Files.com retains backups for a short period to support recovery, after which the data is permanently removed.

Data Retention After Account Cancellation

When a customer cancels their account, Files.com deletes all associated data within 7 days of the cancellation notice or termination due to nonpayment.

Access Controls and Authentication

Customers manage their own logical access controls, including user and group permissions, Role-Based Access Control (RBAC), and multiple options for Two-Factor Authentication (2FA). Customers can provision and authenticate users through a variety of identity providers including LDAP, Active Directory, Azure, Okta, OneLogin, Auth0, and others.

Audit Logs and Activity History

Files.com provides customers with detailed audit logs showing who accessed, modified, or deleted files. These logs are accessible through the web interface and API, and are retained for at least 7 years. Customers may request shorter retention periods if needed. The Files.com CLI and API also allow export of site configuration details, including user/group/folder permission mappings.

Customer Responsibility for End-User Logging

Customers are responsible for logging activity related to their own end users outside of the Files.com platform. Please refer to the Shared Responsibility Model for more information.

Data Portability and Export Tools

Customers can export all stored data and account configuration using Files.com tools. The Files.com web interface, CLI, and API allow customers to transfer files and download user or settings information at any time. Files.com does not support bulk import/export using physical media.

Data Classification and Retention Policies

Customers are responsible for classifying their own data (e.g., Confidential, Protected, Sensitive, or Public) and defining appropriate retention schedules. These policies must be managed within each customer’s organizational and regulatory context.

Content Scanning and DLP Integrations

Files.com does not scan or analyze the contents of customer-uploaded files. Content scanning or DLP functionality is not currently supported. Customers interested in future integration capabilities may contact Files.com to express interest.