Encryption in Transit
All uploads and downloads use TLS 1.3—the latest and most secure transport encryption. Your files are encrypted the moment they leave your browser and remain encrypted until they reach our servers.
TIP: Verify Our TLS
Test our TLS configuration yourself at SSL Labs. We maintain an A+ rating.
Encryption at Rest
Files stored on our servers are encrypted with AES-256—the same standard used by banks, governments, and military organizations. Even if someone gained physical access to our storage, they couldn't read your files.
Processing Security
Files are decrypted in memory only during the brief processing window. Once processing completes, the unencrypted data is immediately cleared. Files never exist unencrypted on disk.
Access Control
Only our processing workers can decrypt files—and only for the specific operation you requested. No human ever sees your files. Access is logged and audited.
What's Not Encrypted
Job metadata (file sizes, formats, status) is stored unencrypted to enable real-time status updates. This metadata contains no file contents or personally identifying information.
What Encryption Protects
Encryption protects against network interception (someone snooping on your upload), unauthorized filesystem access, and data theft from storage systems.
Honest Limitations
Encryption can't protect against a full system compromise where an attacker gains access to our running processes. That's why we combine encryption with strict access controls, monitoring, and rapid file deletion.