CloudFiles logo

Security at CloudFiles

With GDPR, SOC-2 & ISO 27001 compliance, CloudFiles provides the perfect privacy-aware file sharing solution. We take a Privacy-By-Desig approach to data, application as well as infrastructure security

Responsible Disclosure Policy

With GDPR, SOC-2 & ISO 27001 compliance, CloudFiles provides the perfect privacy-aware file sharing solution

SOC-2, GDPR & ISO 27001

SOC 2 Type II

CloudFiles is SOC 2 Type II certified. We work with an AICPA certified auditor to evaluate our security controls and policies on an annual basis. SOC 2 report can be provided, upon request.


At CloudFiles, we adhere to GDPR and other privacy regulations in everything we do. We recognise that protecting privacy requires a holistic security program. We have done extensive research and created a support article explaining how CloudFiles is GDPR compliant

ISO 27001

CloudFiles has received its ISO 27001/IEC 27001:2013 certification, adhering to the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).

Data Security

CloudFiles stores document and customer's data in multiple availability zones. Data in each zone is encrypted at rest with AES-256. CloudFiles also offers BYO-S3 (Bring your own S3) so that you can store your files in the region of your choice and have full control over your files.

Application Security

CloudFiles leverages a leading web application firewall with automatic updates to block against the latest threats. We also utilise application level DDoS protection from CDN provider and network level DDoS protection from cloud provider. TLS 1.2+ is minimum for data in transit. CloudFiles regularly engages application security experts for third party penetration tests.

Infrastructure Security

AWS handles physical and virtual aspects as part of the shared responsibility model. We deploy our application using containers run on AWS managed services. This limits our footprint and ensure a better security posture as we typically do not manage servers or EC2 instances in production.