INTRODUCTION

FileInvite is a cloud-based software platform used to request and collect documentation and information. It provides a highly efficient and secure way for professionals, businesses and entities to collect and manage the documentation they need to complete their workflow in the most productive and compliant way possible.

The platform is used by tens of thousands of individuals across multiple countries to collect both public and private information. With a large percentage of our users operating within the financial services sector, we understand the strict requirements and measures needed to provide assurance and operational compliance. We take security extremely seriously, and this document outlines some of the measures we have in place to protect the security of our users' and their clients' data.

Due to the sensitive nature of security practices, we cannot disclose all the measures we take in great detail, as doing so would in turn compromise some of them. This document is instead intended to give a high-level overview of some of the types of security measures we have in place.

 

TREATMENT OF INFORMATION

All information submitted to FileInvite is deemed private and treated as such, with the same measures and standards of security whether it was public or non-public. We have security measures at both the software and operational levels, meaning that processes and policies are in place both electronically within the platform and at operational staff level with regard to the handling of customer information.

 

DISCLOSURE

Private information will never be voluntarily disclosed to 3rd parties unless we are required to do so by law or as outlined under our standard terms of service. FileInvite operates under our governing privacy policy and in accordance with the terms of that policy, which can be found on our privacy page.

 

SECURE BY DESIGN

FileInvite has been designed with security in mind through the unique architecture deployed. The design of the system allows the end client to securely supply their information on any device without creating an account, downloading any software, or installing a mobile app. This is achieved by locking off any access to the files they uploaded as soon as they leave the page, or after 15 minutes of inactivity. If a client were to return to the portal, or anyone else gained access to the link, they could not access the files uploaded.

 

SERVER HOSTING

The FileInvite application is run on an enterprise-grade environment through the Amazon Web Services (AWS) platform using the latest technologies in web service deployment, hosting, and security.

The AWS platform is fully PCI compliant and is recognised as one of the most secure cloud environments available in the world today. It is the same infrastructure as used by companies such as Dropbox, Netflix, Xero, Airbnb, and many more.

All file data is stored on Amazon's S3 service, using encrypted URLs, and any files sent to and from the application are transmitted using secure SSL technology. You can read more information on the AWS platform security here.

 

ENCRYPTION

All data transmitted to and from the FileInvite application is sent via encrypted SSL technology with 256-bit encryption. This is the same security standard banks use for internet banking and credit card transactions on ecommerce websites. All areas of the application, including the public-facing areas of the main website, are encrypted, not just pages submitting data.

Once uploaded, user data is transmitted to Amazon S3 servers and stored at rest in encrypted buckets using Amazon S3 encryption. Access links to files are generated using 3 separate long-form encryption keys, which is mechanically exponentially more secure than having them accessible behind a simple username and password access restriction.

 

VULNERABILITY AND PENETRATION TESTING

To ensure we are constantly striving for the highest level of security, FileInvite regularly commissions independent security audits by 3rd party security consultants to conduct testing for application vulnerabilities and server penetration weaknesses.