Security and trust, by design
We built this for industries where a leak ends careers — legal, healthcare, education, finance. We treat your data like it could end ours too.
Encryption at rest and in transit
AES-256 at rest using AWS KMS. TLS 1.3 in transit. No exceptions.
Per-tenant encryption keys (Enterprise)
Each Enterprise customer gets a dedicated AWS KMS Customer Master Key. Cancel and your data is cryptographically erased.
Immutable audit log
Every view, edit, share, and download is logged. Postgres trigger prevents tampering. Stream to S3 with object lock for true immutability.
Compliance
SOC 2 Type II in progress (audit Q3 2026). GDPR-ready data export and deletion. PIPEDA-compliant for Canadian customers. HIPAA BAA available.
Sandboxed processing
Every uploaded PDF processed in an isolated container with no network egress. JavaScript actions stripped from PDFs by default.
Zero-trust auth
MFA available on all plans. SAML SSO on Business and Enterprise. Session tokens scoped per-document with short TTLs.
Request a security review
Need our SOC 2 report, penetration test summary, sub-processor list, or to sign a custom DPA / BAA? We respond to security review requests within 1 business day.
security@edts.ca →