FileCollect
ProductPricingSecurity
Log inStart free

Security at FileCollect

We built FileCollect so your clients' sensitive documents never sit on our servers. Here is how we keep data safe at every step.

TLS encryption

All data in transit is encrypted via TLS 1.2+ with modern cipher suites. No unencrypted connections are accepted.

Direct to Drive

Files are delivered directly to your own Google Drive. We never store permanent copies. Temporary files are purged within 24 hours.

GDPR-compliant

FileCollect complies with the EU General Data Protection Regulation. We process only the minimum data required.

EU-hosted

Our infrastructure is hosted in the European Union. Data does not leave the EU except when delivered to your Google Drive.

Data Processing Agreement (DPA)

A DPA is included on every plan, including Free. It covers our obligations as a data processor under the GDPR, the types of data we process, and the security measures we apply. Contact us at support@filecollect.io to request a signed copy.

What data do we process?

  • Professional accounts: Google profile (name, email, picture), Google Drive OAuth tokens (encrypted), Stripe customer ID, and account preferences.
  • Client uploads: Files are temporarily held on our server (up to 24 hours) while they are delivered to your Google Drive. After successful delivery, the temporary copy is deleted. We do not read, analyse, or share file contents.
  • Email addresses: Client email addresses are stored only to send upload invitations and reminders on your behalf.

Authentication and access

  • We use Google OAuth 2.0. We never see or store your Google password.
  • We request only the drive.file scope, which limits access to files and folders created by FileCollect. We cannot read or modify anything else in your Drive.
  • Client upload links use unique, unguessable slugs. You can add an access code for extra security.

Infrastructure

  • Application hosted on EU servers with DDoS protection via Cloudflare.
  • Database encrypted at rest (AES-256).
  • OAuth refresh tokens encrypted before storage.
  • Automated backups and monitoring.
  • Access limited to a small team with security training.

Responsible disclosure

If you find a security vulnerability, please report it to security@filecollect.io. We take all reports seriously and will respond within 48 hours.

FileCollect

Client documents, collected and filed.

Product
PricingSecurityContact
Legal
Privacy PolicyTerms of Service
© 2026 FileCollect. All rights reserved.