All communication between you application and our API servers is encrypted using industry standard SSL/TLS. There is no option to communicate over insecure channels so there shouldn't be any room for error on this part.
We recommend that your application uses an SSL/TLS encrypted endpoint to receive this payload in a secure way but this is up to you and your specific needs.
All communication between our backend servers is encrypted using industry standard SSL/TLS. There is no option to communicate over insecure channels so there shouldn't be any room for error on this part.
As part of your setup, we require you to enter the credentials of an Amazon S3 bucket where we will upload the result files from the preview and metadata generation process. These credentials are stored securely using AES encryption.
As part of your initial setup, you need to provide credentials for a bucket on Amazon S3. This bucket is used to store the resulting files after our server generate the previews and metadata.
We recommend that your make this bucket write-only. This will allow our servers to copy files to it but never read them. This will assure you that once we process your files, our servers no longer have access to them.
In the process of generating previews and extracting metadata from your files some intermediate copies are created on our worker servers. This is unavoidable since our servers need to be able to read the files to produce previews and metadata from them.
Once your previews are generated we copy the resulting files to your Amazon S3 bucket. That includes all generated images and a JSON file with the metadata you requested. Once that's complete we immediately and permanently delete everything from our servers. That includes all original files, intermediate files and result files.
Since the resulting product are files we don't store any of that on our database. We only store file name, size, type and other statistics to help us monitor and improve the service. None of your file content is persisted on any of our database at any point.
We don't permanently store your files in any of our servers. Once you request a preview, it will be queued for processing. Processing starts by downloading the file, generating thumbnails and metadata, uploading to storage, notifying via webhook, and then we immediately delete the original and all generated files. We automatically save all uploaded files directly into your custom storage.
To make it easier to get started, if you haven't put in your custom write-only storage credentials we will store your result files on our servers, but as your usage increases we will kindly ask you to move to your own storage. This storage is meant for development environments and contents might be deleted without notice. Essentially, if you are going to release your product to a production environment, you should add your own storage credentials.
See our Bug Bounty Program for more details.