Security
Encryption, access controls, tenant isolation, infrastructure, incident response, and compliance.
FileChute is built for collecting sensitive client documents — tax returns, financial statements, identity documents, and other confidential files. Security is not an add-on; it is foundational to every layer of the platform.
Encryption
In transit
All network traffic between clients, browsers, and FileChute servers is encrypted using TLS 1.2 or higher. This includes upload page access, file transfers, API requests, and dashboard interactions. We enforce HTTPS on all endpoints with no fallback to unencrypted connections.
At rest
Uploaded files are stored in private cloud storage buckets with AES-256 server-side encryption. Database contents (account data, request metadata, checklist items) are encrypted at rest using the storage provider's default encryption. Passwords used for protected upload links are hashed before storage and are never stored in plaintext.
Access controls
- Row-level security (RLS): every database table enforces row-level security policies. Users can only query, modify, and delete their own data. Organization members can access shared data within their organization boundary.
- Signed, time-limited URLs: file downloads are served through signed URLs that expire after 2 minutes. Upload URLs expire after 12 hours. The signature prevents URLs from being forged, and an expired URL cannot be reused.
- Authentication: dashboard access, downloads, settings, and all management operations require an authenticated session. Sessions are managed through secure, HTTP-only cookies.
- Password-protected uploads: requesters can optionally require a password to access an upload link, adding a second layer of access control for sensitive requests.
- Closed request enforcement: once a request is closed (manually or via auto-expiration), all uploads are permanently rejected. No further files can be added.
Authentication
- Two-Factor Authentication (2FA) — TOTP-based 2FA with backup codes for account recovery.
- OAuth sign-in — Sign in securely with Google or Microsoft Azure AD.
- API key hashing — API keys are SHA-256 hashed before storage. Raw keys are never stored.
Tenant isolation
FileChute is a multi-tenant platform with strict data isolation between accounts:
- Database queries are scoped to the authenticated user's ID at the database level, not the application level, preventing data leakage even in the event of application bugs.
- File storage paths are namespaced by user ID and request ID, ensuring files cannot be accessed across account boundaries.
- Organization data is isolated by organization ID with role-based access (owner, admin, member).
Upload security
- Direct-to-storage uploads: files are uploaded directly from the browser to encrypted cloud storage using signed URLs. Files never pass through, and are never buffered by, the application server, which eliminates a class of server-side risks.
- File type validation: each checklist item can restrict accepted file types. Extensions are validated before upload URLs are issued.
- Size limits: individual files are capped at 50 MB. Total storage per account is enforced by plan limits (2 GB free, 50 GB Pro).
- Filename sanitization: uploaded file names are sanitized to remove non-ASCII characters and special characters before storage, preventing path traversal and injection attacks.
Rate limiting and abuse prevention
- Upload page loads are rate-limited to 200 requests per hour per IP address.
- File upload operations are rate-limited to 100 uploads per hour per IP address.
- Exceeding rate limits returns a 429 response with a Retry-After header.
- Automated maintenance and reminder jobs are protected with secret authentication headers, preventing unauthorized execution.
Audit logging
Every significant action is recorded in the activity log:
- File uploads, downloads, and deletions
- Request creation, closure, and modifications
- Team member actions and permission changes
- Email and reminder deliveries
Activity logs can be exported as CSV for compliance purposes.
Webhooks
Outgoing webhooks are signed with HMAC-SHA256 so you can verify they originated from FileChute. Failed deliveries are automatically retried with exponential backoff.
Data lifecycle
- Auto-expiration: file requests automatically close after 90 days of inactivity. A 15-day warning email is sent before closure.
- Deletion: when a request is deleted, all associated files are removed from cloud storage and all database records (checklist items, upload metadata) are cascade-deleted. Storage usage counters are decremented.
- Account deletion: upon request, we delete all account data, request metadata, and uploaded files within 30 days.
Infrastructure
- Hosted on Vercel with automatic scaling, DDoS protection, and edge CDN (SOC 2 Type II, ISO 27001).
- Database and file storage on Supabase with automated backups (SOC 2 Type II, HIPAA available).
- Billing via Stripe (PCI DSS Level 1, SOC 2).
- Email delivery via Resend (SOC 2 Type II).
- Security headers configured (HSTS, CSP, X-Content-Type-Options, etc.).
Operational practices
- Production database access is restricted to service-role credentials used only by backend processes.
- Sensitive environment variables (API keys, database URLs, webhook secrets) are stored in encrypted environment configuration and are never committed to source control.
- Cron job health is monitored with automated failure alerting, ensuring time-sensitive operations (reminders, expirations) execute reliably.
- Dependencies are regularly reviewed and updated to address known vulnerabilities.
Incident response
In the event of a security incident that affects customer data, we will:
- Investigate and contain the incident promptly
- Notify affected users by email within 72 hours of confirmed impact
- Provide a clear description of what happened, what data was affected, and what steps we are taking
- Report to relevant authorities as required by applicable law
Compliance documents
- Data Processing Agreement (DPA) — GDPR and data protection compliance
- Business Associate Agreement (BAA) — HIPAA compliance for healthcare-related documents
Responsible disclosure
We welcome security researchers who help us keep FileChute safe. If you discover a vulnerability, please report it responsibly by emailing security@filechute.com. Please include a description of the issue, steps to reproduce, and any potential impact. We will acknowledge receipt within 48 hours and aim to resolve confirmed issues promptly.