ReFiles

Security Policy

Last updated: January 21, 2026

At ReFiles Inc., we take the security of your data seriously. This page describes the technical and organizational measures we implement to protect your information.

Infrastructure

ReFiles is hosted on Render with additional services on Amazon Web Services (AWS), Google Cloud Platform, and Modal. All infrastructure providers maintain industry-standard security certifications including SOC 2 and ISO 27001.

Our PostgreSQL database is hosted on Render with encryption at rest enabled.

Data Encryption

In Transit:

All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS on all connections.

At Rest:

Data stored in our database and file storage systems is encrypted at rest using AES-256 encryption.

Authentication & Access Control

We support secure authentication through Google OAuth and Microsoft Authentication. API access is controlled through secure token-based authentication.

Access to production systems is restricted to authorized personnel only and requires multi-factor authentication.

AI Data Processing

ReFiles uses OpenAI to provide AI-powered features. Data sent to OpenAI is transmitted securely and processed in accordance with OpenAI's enterprise data policies. We do not use your data to train AI models.

Backups & Recovery

We perform daily automated backups of all customer data. Backups are encrypted and stored in geographically separate locations to ensure data durability and availability.

In the event of a system failure, we are able to restore service and data access within 24 hours.

Incident Response

In the event of a security incident, we will:

  • Investigate and contain the incident immediately
  • Assess the scope and impact on customer data
  • Notify affected customers within 72 hours of becoming aware of a breach involving personal data
  • Provide guidance on any steps customers should take
  • Document the incident and implement measures to prevent recurrence

To report a security concern, contact us at security@refiles.io.

Employee Security

All employees with access to customer data undergo security awareness training. Access to production systems is granted on a need-to-know basis and reviewed regularly.

Subprocessors

We use third-party service providers (subprocessors) to help deliver our services. A current list of our subprocessors is available on our Subprocessors page.

Compliance

ReFiles Inc. is designed to help customers meet their obligations under applicable data protection laws, including GDPR and CCPA. Our Data Processing Agreement is available upon request.

Questions

If you have questions about our security practices, please contact us at security@refiles.io.