Enterprise-Grade Protection

Security at Transfilio

We protect your files with enterprise-grade security from the moment you upload to the instant your recipient downloads.

  • AES-256 Encryption
  • TLS 1.3
  • Zero-Knowledge
  • SOC 2 Prep

Encryption

Every file is protected by multiple layers of encryption throughout its lifecycle.

In Transit

  • TLS 1.3 for all connections
  • HTTPS enforced everywhere
  • Certificate pinning on mobile clients

At Rest

  • AES-256 encryption for all stored files
  • Per-file encryption keys
  • Encrypted database backups

Client-Side

  • Files encrypted in the browser before upload
  • Zero-knowledge architecture — we never see plaintext
  • True end-to-end encryption available on Business+

Key Management

  • BYOK (Bring Your Own Key) for Enterprise plans
  • Per-file encryption keys rotated automatically
  • Hardware Security Module (HSM) key storage

Infrastructure

Built on battle-tested cloud providers with redundant, globally distributed infrastructure.

Fly.io

Global edge network with automatic failover and zero-downtime deployments

AWS S3

Object storage with server-side encryption and 99.999999999% durability

PostgreSQL

Encrypted connections, automated daily backups, and point-in-time recovery

CDN

Multi-region deployment for fast, low-latency file delivery worldwide

Access Controls

Fine-grained controls over who can access, share, and manage your files.

Authentication

  • Passwords hashed with bcrypt (cost factor 12)
  • OAuth2 social login via Google and GitHub
  • HMAC-signed session tokens
  • Magic link email authentication

Role-based Access Control (RBAC)

Four workspace roles with granular permission sets:

  • Owner
  • Admin
  • Member
  • Viewer

Share Link Security

  • Password protection on every share link
  • Configurable download limits per link
  • Automatic expiry dates
  • IP restrictions to allowlisted addresses

API Security

  • HMAC-signed webhook payloads
  • Strict rate limiting on all endpoints
  • Per-plan quotas enforced at the API gateway
  • Scoped API tokens with configurable permissions

Compliance

We are committed to meeting the highest compliance and regulatory standards.

Audit Logging

Immutable audit trail of every action: uploads, downloads, share link views, permission changes, and admin operations.

Data Residency

Choose where your data lives. Available regions: EU, US, UK, and Africa.

GDPR

Full GDPR compliance with self-service data export, deletion tools, and privacy by design throughout our architecture.

SOC 2

SOC 2 Type I audit in progress, targeted for Q3 2026. Full Type II report planned for 2027.

HIPAA

HIPAA-ready infrastructure with Business Associate Agreement (BAA) available on Business+ plans.

Encryption Standards

AES-256, TLS 1.3, and FIPS 140-2 validated cryptographic modules used throughout the platform.

Vulnerability Disclosure

We believe in coordinated vulnerability disclosure and work transparently with security researchers to keep Transfilio safe for everyone.

Security Contact

Report security vulnerabilities directly to our security team.

security@transfilio.com

Bug Bounty

Our formal bug bounty program is coming soon. We will reward researchers who responsibly disclose critical and high severity vulnerabilities.

Responsible Disclosure Policy

We follow a coordinated vulnerability disclosure process. Please give us a reasonable amount of time to investigate and remediate before public disclosure. We will acknowledge your report within 48 hours and provide regular updates throughout the resolution process.
