Enterprise-grade security controls protecting your data at every layer, built to meet SOC 2 Type II standards.
Six pillars of security built into every layer of the FileRidge platform.
All data is encrypted at rest with AES-256 (managed by our infrastructure providers: Neon for the database, Cloudflare R2 for files) and encrypted in transit with TLS 1.2+.
Enterprise authentication with single sign-on, multi-factor authentication support, and automatic session management with secure token validation.
Granular role levels enforce the principle of least privilege, ensuring users only access what they need for their specific responsibilities.
Every action generates an append-only audit record through a single enforced code path. Records are written once and not updated, and inherit the durability and point-in-time recovery of our managed database. Logs are retained for 3+ years with full request correlation and user attribution.
Soft deletes preserve records for a grace period rather than removing them immediately. The data model carries legal-hold fields that block deletion of held records, audit-log retention is enforced by an automated scheduled purge, and all deletion events are recorded in the audit trail.
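The audit and deletion design described in the two points above (append-only audit records on a single code path, soft deletes with a grace period, legal-hold fields that block deletion, and a scheduled purge that is itself audited) as an added in-memory model. This is example code written for this page, not FileRidge's own implementation; the type names, field names, action names and the 30-day grace period are assumptions made for illustration.

```typescript
// Added example (not FileRidge's own code): an in-memory model of the
// append-only audit log, soft delete, legal hold and grace-period purge
// described above. Type names, field names and the 30-day grace period
// are assumptions made for illustration.

const DAY_MS = 24 * 60 * 60 * 1000;
const GRACE_PERIOD_MS = 30 * DAY_MS; // assumed: the 30-day grace period from the retention table

type AuditAction = "record.soft_delete" | "record.purge" | "record.delete_blocked";

interface AuditEvent {
  seq: number;        // assigned on append, strictly increasing
  at: number;         // epoch milliseconds
  requestId: string;  // request correlation
  actorId: string;    // user attribution ("system" for scheduled jobs)
  tenantId: string;
  action: AuditAction;
  targetId: string;
}

interface FileRecord {
  id: string;
  tenantId: string;
  legalHold: boolean;       // true blocks deletion at every stage
  deletedAt: number | null; // soft-delete marker; null means live
}

interface Ctx { requestId: string; actorId: string; now: number; }

// Append-only: append() is the only mutation this class exposes, and each
// stored event is frozen so a caller holding a reference cannot edit it.
class AuditLog {
  private readonly events: AuditEvent[] = [];

  append(e: Omit<AuditEvent, "seq">): AuditEvent {
    const event: AuditEvent = Object.freeze({ ...e, seq: this.events.length + 1 });
    this.events.push(event);
    return event;
  }

  forRequest(requestId: string): AuditEvent[] {
    return this.events.filter((e) => e.requestId === requestId);
  }

  size(): number { return this.events.length; }
}

class RecordStore {
  private readonly records = new Map<string, FileRecord>();
  private readonly audit: AuditLog;
  constructor(audit: AuditLog) { this.audit = audit; }

  put(r: FileRecord): void { this.records.set(r.id, { ...r }); }
  get(id: string): FileRecord | undefined { return this.records.get(id); }

  // The single code path for user-initiated deletion: never removes the row,
  // refuses held records, and audits the outcome either way.
  softDelete(id: string, ctx: Ctx): "deleted" | "blocked" | "not_found" {
    const r = this.records.get(id);
    if (!r) return "not_found";
    const base = { at: ctx.now, requestId: ctx.requestId, actorId: ctx.actorId, tenantId: r.tenantId, targetId: r.id };
    if (r.legalHold) {
      this.audit.append({ ...base, action: "record.delete_blocked" });
      return "blocked";
    }
    r.deletedAt = ctx.now;
    this.audit.append({ ...base, action: "record.soft_delete" });
    return "deleted";
  }

  // Scheduled purge: physically removes soft-deleted records once the grace
  // period has elapsed, re-checking legal hold so a hold placed after the
  // soft delete still protects the record. Every purge is audited.
  purgeExpired(ctx: Ctx): string[] {
    const purged: string[] = [];
    for (const r of Array.from(this.records.values())) {
      if (r.deletedAt === null || r.legalHold) continue;
      if (ctx.now - r.deletedAt < GRACE_PERIOD_MS) continue;
      this.records.delete(r.id);
      this.audit.append({ at: ctx.now, requestId: ctx.requestId, actorId: ctx.actorId, tenantId: r.tenantId, action: "record.purge", targetId: r.id });
      purged.push(r.id);
    }
    return purged;
  }
}

// Walk-through on constructed data: one ordinary record, one under legal hold.
function runDeletionDemo() {
  const audit = new AuditLog();
  const store = new RecordStore(audit);
  const t0 = Date.UTC(2024, 0, 1);
  store.put({ id: "claim-1", tenantId: "tenant-a", legalHold: false, deletedAt: null });
  store.put({ id: "claim-2", tenantId: "tenant-a", legalHold: true, deletedAt: null });
  const user: Ctx = { requestId: "req-001", actorId: "user-42", now: t0 };
  const deleted = store.softDelete("claim-1", user);   // "deleted"
  const blocked = store.softDelete("claim-2", user);   // "blocked"
  const earlyPurge = store.purgeExpired({ requestId: "cron-001", actorId: "system", now: t0 + 10 * DAY_MS }); // []
  const latePurge = store.purgeExpired({ requestId: "cron-002", actorId: "system", now: t0 + 31 * DAY_MS });  // ["claim-1"]
  return {
    deleted, blocked, earlyPurge, latePurge,
    heldRecordSurvives: store.get("claim-2") !== undefined,
    eventsForRequest: audit.forRequest("req-001").length, // 2: one soft delete, one blocked attempt
    totalEvents: audit.size(),                             // 3
  };
}

console.log(JSON.stringify(runDeletionDemo(), null, 2));
```

The point of routing both the user-facing delete and the scheduled purge through methods that take a `Ctx` is that every write to the audit log carries a request identifier and an actor, including refused attempts and system-initiated purges; a real deployment would back `AuditLog` with a table the application role can only INSERT into, which is an assumption here rather than something the page states.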
Runs on Cloudflare's global edge network with Neon Postgres and Cloudflare R2 object storage, with point-in-time database recovery and rate limiting to prevent abuse.
Enterprise-grade identity management with granular role-based permissions at every level.
Every meaningful action is recorded in an append-only audit trail enforced by application design.
Clear, documented retention policies designed for regulatory compliance and data protection.
| Data Type | Retention | Basis |
|---|---|---|
| Audit Logs | 3 years | SOC 2 |
| Claims | 7 years | Insurance regulation |
| Invoices | 7 years | Insurance regulation |
| Deleted Records | 30 days | Grace period |
How FileRidge's controls map to the five SOC 2 trust service criteria. We are not yet formally audited or certified—this reflects the security standards we build to.
Security: Protection against unauthorized access through encryption, access controls, rate limiting, security headers, and continuous monitoring.
Availability: Designed for 99.9% uptime on Cloudflare's globally distributed network, with Neon Postgres point-in-time recovery.
Processing integrity: Automated fee calculations, comprehensive audit trails, data validation at every boundary, and immutable transaction records.
Confidentiality: AES-256 encryption at rest, strict multi-tenant data isolation, role-based access control, and sensitive data redaction in logs.
Privacy: Documented data retention policies, right to deletion, privacy policy, data portability support, and US-region data storage.
Built on Cloudflare's global edge network with Neon Postgres and Cloudflare R2, engineered for enterprise-grade reliability and resilience.
Globally distributed edge compute and storage with built-in DDoS protection, serving requests close to your users.
Your application database and stored files are hosted in United States cloud regions (Neon Postgres and Cloudflare R2). Application requests are processed on Cloudflare's global edge network; persistent customer data is stored in the US.
Daily automated backups with 30-day retention and 7-day point-in-time recovery window.
Development and production environments are fully separated with no data transfer between them.
Cloudflare platform-layer DDoS protection runs before application code; application-layer rate limiting (per-IP and per-tenant tiers) protects against credential stuffing and API abuse.
We're happy to discuss our security practices, respond to security questionnaires, or provide additional documentation about how we protect your data.