At Filestage, we believe that strong protection of customer data is done best when the whole organization is in full alignment.

Therefore, the security team at Filestage has been part of the development process since the very beginning. This allows our security team to identify any potential security issues before they happen.

More than that, our security team trains, supports and audits team members to ensure high security and data protection. In addition, Filestage conducts regular third-party network and application penetration tests.

The Filestage security program is built in line with the ISO 2700x standard, with controls related to the NIST framework and in compliance with European and German privacy regulations. Our security team implements and maintains appropriate controls to protect customer and company data.

Specific areas of focus are our network, database, system, and application security but also 24x7 monitoring, alerting, risk management, and compliance.

All data transmitted to and from the Filestage platform is protected using Transport Layer Security encryption. Filestage utilizes the strongest available encryptions, including TLS v1.2 and TLS v1.3.

All files, personal data, authentication data, and session tokens are encrypted at rest using AES 256-bit encryption. This corresponds to the security standard of German banks.

Filestage uses best-in-class DDoS protection services that auto-detect network attacks. These services protect the platform from availability disruptions. More than that, they identify and prevent brute force attacks to keep your account credentials safe and secure.

The Filestage platform and all the usage and personal data are also protected by an enhanced Web Application Firewall. This Firewall detects and blocks suspicious activities based on IP, HTTP Headers, Payloads, and URL strings.

The Filestage platform is protected by industry-leading network and host-based security monitoring tools, designed to detect and prevent malicious access to our customers’ data.

In order to reduce the risk of data exposure, Filestage adheres to the principle of least privilege and role-based access control. As a result, employees only have access to data and systems that are required to fulfill ownership.

Filestage secures production access of all employees by Multi-Factor Authentication. This reduces the likelihood of unauthorized or compromised user accounts accessing customer data.

Filestage monitors all production networks, systems, containers, and applications for suspicious and unusual behavior. Administrative access, privileged commands, and system calls are logged. These logs are analyzed in real-time to detect and alert on potential issues. Application access logs are retained for at least 14 days, system logs for at least 12 months for forensic analysis. Access to production logs is restricted to security personnel for maintenance purposes.

Client data is retained for the entire duration of the license agreement.

After expiry of the license agreement or earlier upon request, customer data will only be destroyed or anonymized if the account is deleted.

Backups are generated, hourly with retention of 2 days, weekly with retention of 4 weeks, and monthly with retention of 12 months. Backups that contain recently deleted data will be purged aligned with GDPR.

Filestage has established a sophisticated Security Incident Response Framework to report and respond to potential security incidents.

Security incidents are reviewed by our IT security team and escalated to the appropriate management depending on analysis, validation and severity. In the event of a security incident that has an impact on the customer, affected customers are notified by our customer support team via email aligned with GDPR.

Filestage uses a world-class hosting provider that distributes the platform operations across multiple availability zones. This protects Filestage platform availability from outages caused by insufficient power infrastructure, loss of network connectivity, and inadequate environmental controls.

Customers that use the local authentication method use a combination of a unique email and password. To encourage strong protection, the password policy requires a password strength of at least 8 characters. To encourage the use of strong passwords, Filestage requires a complex 8-character password.

Single Sign-On empowers customers to provide a seamless user experience when accessing the Filestage platform as well as effortless enforcement of company security requirements through authentication rules. Thus, the Filestage platform supports a broad variety of SSO providers (social, enterprise, legal) and protocols.

Learn more about supported SSO providers/protocols.

Sharing and commenting on files is a key part of the Filestage approval workflow. Filestage offers fine granular and customizable controls to empower customers with the security and access control they need - without interrupting the approval workflow.

Filestage is GDPR-compliant and our processes are regularly checked by external auditors. Thus, by using the Filestage platform you meet all requirements of the General Data Protection Regulation (GDPR).

You can find out more in our data privacy policy.

Filestage uses selected services and service providers (subcontractors) to maintain its general business operations. These service providers have limited access to selected personal data. Filestage assesses the security of subcontractors in accordance with the GDPR.

You retain full ownership and control over your files and your data at all times. For more information please visit our terms & conditions.

Filestage uses the data centers of the world's leading hosting provider. The third-party provider is ISO, SOC, TISAX, FedRamp and PCI certified and complies with numerous regulations and data protection standards such as HIPAA, HITECH, GLBA, EU Data Protection Directive, EU-US Privacy Shield, FISMA and many more.