Files.com is committed to protecting customer data through robust security controls, privacy-minded design, and a clearly defined Shared Responsibility Model. This document outlines what Files.com does and does not do with customer data, and the internal practices that safeguard it.

Customer Data Handling

Files.com does not view, scan, or process the contents of customer-uploaded files unless explicitly authorized by the customer.

Customer Data Classification

Files.com is not in a position to know what data you are storing in the platform. Understanding and properly classifying that data —including whether it contains sensitive information such as PII, PHI, or copyrighted material—is the responsibility of the customer. Please refer to the Files.com Shared Responsibility Model for more information.

Metadata Access for Support and Operations

Files.com Customer Support and Engineering staff may access configuration settings, logs, and file metadata (not file contents) to troubleshoot issues and ensure system stability. Access is tightly controlled, logged, and granted only as needed.

Internal Data Access is Strictly Controlled

Only select senior, U.S.-based engineers have root access to production systems. These employees are full-time, background-checked, and bound by confidentiality agreements. Root access is not granted until at least one year of tenure, or else executive approval. All direct access is logged.

Multi-Tenant Isolation

Files.com is a multi-tenant SaaS platform. All customer data is logically separated using access controls and namespace isolation.

Encryption in Transit and at Rest

All customer data is encrypted in transit using HTTPS and at rest using Amazon S3’s server-side encryption. Customers on Power, Premier, and Enterprise plans may optionally enable GPG encryption for file contents using their own encryption keys.

Customer Data Storage and Redundancy

Files.com stores the contents of customer files in the Amazon S3 Simple Storage Service. Objects are redundantly stored across multiple devices and facilities within an Amazon S3 Region. Amazon S3 regularly verifies data integrity using checksums and repairs any corruption using redundant data.

Metadata Storage and Backup Retention

Files.com stores customer metadata in Amazon Aurora. Multiple hot-backup servers operate across availability zones, and point-in-time restore capabilities are available for the prior 7 days. Full database snapshots are stored in Amazon S3 every 24 hours and retained for at least 7 days. Backups are audited as part of the Backup and Restoration Test Procedure.

Global Acceleration and Data Routing

To improve performance, customer-uploaded data may first pass through the region closest to the user before being stored in the selected storage location. Customers can disable this behavior by turning off Global Acceleration.

No Use of Customer Data for Marketing or Sales

Files.com does not sell customer data or use it for advertising purposes. Device identifiers such as cookies or IP addresses may be used on the public website for analytics and marketing, but this data is not tied to customer-uploaded files and is handled in accordance with applicable privacy laws.

Legal Requests and Disclosure Process

Files.com complies with lawful data disclosure requests under applicable jurisdiction. All such requests are reviewed by our Privacy Officer and handled in accordance with our Privacy Policy.

Privacy Oversight and Contact

Files.com's Privacy Officer is Chief Legal Counsel Joseph Buszka. For privacy-related inquiries, customers may contact: privacy@files.com.