Configuring For Maximum Security

To ensure the highest level of security on your site, follow the recommendations below.

To prevent accidental transfers of files on your account using insecure FTP, do not enable Plain/unencrypted FTP support.

Do not allow connections with insecure ciphers via the HTTPS, FTPS, and SFTP ciphers setting.

Set the retention period with the Keep deleted files for setting as low as possible to minimize the amount of your data we retain as backups. For maximum security, you should set this value to be no higher than 30 days. Many of our customers enter lower values such as 7 days or even 0 days.

Implement and enforce the use of two-factor authentication (2FA) for all user accounts.

Implement and enforce the use of SSH/SFTP Keys for SFTP instead of using a password.


If you have a HIPAA BAA signed with us then, in order to meet compliance, your site will have these restrictions applied.

Your site will not allow the use of Insecure FTP - Your site will not have the option available to enable the use of insecure FTP.

Use of Insecure Ciphers are not allowed - Your site will not have the option to enable the use of insecure ciphers for data transfer.

Storing data in a specific geographic region, such as the USA, is not a legal requirement of HIPAA. However, if storing in data in a specific geographic region, even if not required by law, is important to your organization then you should also ensure that your site is configured to only use those regions.

Get Instant Access to

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.

Start My Free Trial

©2024 All right reserved


  • Start My Free Trial
  • Pricing
  • Docs
  • API and SDKs
  • Contact


(800) 286-8372


9am–8pm Eastern