Security
How we protect your documents at every layer.
Client-Side Encryption
AES-256-GCM encryption via the Web Crypto API. Your documents are encrypted in your browser before they ever leave your device. Each user has a unique cryptographic key derived from their account.
Access Control
Strict per-user data isolation enforced by Firestore Security Rules. Your documents are accessible only to your authenticated account — even administrators cannot read your encrypted files.
Infrastructure
Powered by Google Cloud via Firebase. Automatic scaling, managed SSL/TLS certificates, and DDoS protection provided by Google's global infrastructure.
Secure Storage
Upload validation enforces file type restrictions and a 50 MB size limit. Storage rules ensure each user can only access their own files. Security headers prevent clickjacking and MIME-type attacks.
Security Practices
- All traffic encrypted with TLS (HTTPS enforced)
- Firebase Authentication with Google sign-in
- X-Frame-Options, X-Content-Type-Options, and Referrer-Policy headers set
- Content-type validation on all file uploads
- Per-user encrypted document storage with PBKDF2 key derivation