Built to SOC 2 Type II Standards

FileRidge has implemented comprehensive security controls aligned with SOC 2 Type II trust service criteria. Our platform is architected for compliance from the ground up—security isn't an afterthought, it's foundational to how we build. FileRidge is not yet SOC 2 certified; these controls reflect how the platform is built today.

  • 256-bit AES-GCM Encryption
  • 3yr Audit Log Retention
  • 99.9% Uptime Target
  • US-Only Data Residency

How We Protect Your Data

Six pillars of security built into every layer of the FileRidge platform.

Data Encryption

All sensitive data is encrypted using AES-256-GCM at rest and TLS 1.2+ in transit. Field-level encryption with versioned ciphertext supports seamless key rotation.

AES-256-GCM | TLS 1.2+ | Key Rotation

Authentication & Identity

Enterprise authentication with single sign-on, multi-factor authentication support, and automatic session management with secure token validation.

Enterprise SSO | MFA | Session Mgmt

Role-Based Access Control

Granular role levels enforce the principle of least privilege, ensuring users only access what they need for their specific responsibilities.

RBAC | Least Privilege | Per-Org Controls

Immutable Audit Logging

Every action generates an immutable audit record enforced at the database level. Logs are retained for 3+ years with full request correlation and user attribution.

Immutable | 3yr Retention | Correlated

Data Protection

Soft deletes with configurable retention periods prevent data loss. Legal hold enforcement cascades to child records, and automated cleanup runs with full audit trails.

Soft Delete | Legal Hold | 7yr Claims

Infrastructure Security

Hosted on Google Cloud Platform in US regions with daily automated backups, point-in-time recovery, and rate limiting to prevent abuse.

Google Cloud | US Regions | Rate Limiting

Identity & Authorization

Enterprise-grade identity management with granular role-based permissions at every level.

Authentication

  • Enterprise single sign-on (SSO) support
  • Multi-factor authentication
  • Automatic session expiry and renewal
  • Failed login attempt tracking and lockout

Authorization

  • Granular role-based permissions with multiple access tiers
  • Principle of least privilege across all endpoints
  • Per-organization feature and access controls
  • Multi-tenant data isolation on every query

Comprehensive Audit Logging

Every meaningful action is recorded in an immutable, tamper-evident audit trail.

Immutable & Tamper-Evident

  • Append-only audit log enforced at the database level
  • Tamper-evident design prevents log manipulation
  • Sensitive data automatically redacted before storage

Long-Term Retention

  • Minimum 3-year retention period
  • Exceeds SOC 2 audit log requirements
  • Automated lifecycle management after retention period

Comprehensive Coverage

  • Authentication and authorization events
  • All data access and modification operations
  • Security events and access denials
  • End-to-end request correlation for traceability

Data Retention & Protection

Clear, documented retention policies designed for regulatory compliance and data protection.

Retention Schedule

Data Type       | Retention | Basis
Audit Logs      | 3 years   | SOC 2
Claims          | 7 years   | Insurance Reg.
Invoices        | 7 years   | Insurance Reg.
Deleted Records | 30 days   | Grace Period

Protection Mechanisms

  • Soft Delete: Records are marked for deletion, not immediately removed
  • Legal Hold: Cascading hold prevents deletion of records under legal review
  • Automated Cleanup: Daily batch jobs process expired records with retry logic
  • Audit Trail: All deletion events are logged for accountability
  • Admin Authorization: Legal holds require admin-level permissions

SOC 2 Trust Service Criteria

How FileRidge's controls map to the five SOC 2 trust service criteria. We are not yet formally audited or certified—this reflects the security standards we build to.

Security

Protection against unauthorized access through encryption, access controls, rate limiting, security headers, and continuous monitoring.

Availability

Designed for 99.9% uptime with automated failover, redundant infrastructure on Google Cloud, and daily backups with point-in-time recovery.

Processing Integrity

Automated fee calculations, comprehensive audit trails, data validation at every boundary, and immutable transaction records.

Confidentiality

Field-level AES-256 encryption, strict multi-tenant data isolation, role-based access control, and sensitive data redaction in logs.

Privacy

Documented data retention policies, right to deletion, privacy policy, data portability support, and US-only data residency.

Cloud Infrastructure

Built on Google Cloud Platform with enterprise-grade reliability and US-based data residency.

Google Cloud Platform

Enterprise-grade cloud infrastructure trusted by millions of businesses worldwide.

US Data Residency

All data stored and processed within United States regions. Your data never leaves US soil.

Automated Backups

Daily automated backups with 30-day retention and 7-day point-in-time recovery window.

Isolated Environments

Development and production environments are fully separated with no data transfer between them.

Rate Limiting

Layered rate limiting protects against abuse and denial-of-service attacks.

Have Security Questions?

We're happy to discuss our security practices, respond to security questionnaires, or provide additional documentation about how we protect your data.