Encryption you can verify, not just trust.
Your team holds the keys. Our staff cannot see your files. Every action is tamper-proof and signed. The whole security model is public, and we use the same code paths internally that you do.
Pick how strict you want to be. Per workspace, per folder.
End-to-end is the strictest setting. Server-side keeps more features running. Either way, no one at FileShare can read your files unless you specifically approve it.
Files are encrypted on your device before upload. FileShare never sees plaintext. Share links are disabled.
Encrypted at rest with platform-managed keys. Full feature set including share links, approvals, and previews.
No standing access. Ever.
Every interaction between FileShare staff and customer data passes through an approval loop. There is no second path, no break-glass back channel — even our CEO uses the same flow.
How we handle the keys.
The simplest way to say our threat model: we assume someone hostile is on every team, including ours. The system has to hold even then.
One key per workspace
Each workspace has its own encryption key, so a problem in one never reaches another. Older keys stay around so older files still open, but new files are always written with the freshest key.
Bring your own keys
Already have a key vault from AWS, Google, Microsoft, or on-prem hardware? Plug it in. Your master key never leaves your environment — we just ask it to wrap ours.
Refreshed on a schedule
Default is every 90 days, hands-off. If your industry calls for tighter rotation, you can dial it down to daily. Each refresh shows up in your audit log with a verifiable proof.
Recoverable only by you
If a key is ever lost, recovery requires several of your admins approving together — and a written reason. FileShare alone cannot trigger it. There is no master backdoor.
Devices, sessions, anomalies — surfaced and acknowledgeable.
- Sessions tied to a device
If someone copies your session cookie onto another machine, it stops working. Logins are bound to the device that signed in.
- 2FA that resists phishing
Passkeys (Face ID, Touch ID, security keys) are preferred. Authenticator apps work too. SMS codes are off by default — they're too easy to intercept.
- Catches impossible logins
A session that jumps continents in 10 minutes is paused, and your admins are notified.
- Sensitive actions ask again
Mass downloads, role changes, and key changes require a fresh 2FA prompt — even in the middle of an active session.
Run it on your own servers.
Run a FileShare server inside your own network. Every byte stays within your boundary, while the app keeps updating from us automatically. Same product, your jurisdiction.
- Signed and verifiable. every package is cryptographically signed; you check what you install.
- Works without internet. install in disconnected or air-gapped environments using offline licenses.
- Highly available by default. survives a server going down without losing a single write.
- Single or multi-region. EU-only, US-only, or replicated across 27 regions — pick what your residency rules demand.
Audit-ready paperwork, audit-ready architecture.
The two halves of compliance — controls in production, and proof on paper — wired together. Every control on this page has a corresponding line in our SOC 2 report.
Security that actually ships with your product.
30-day free trial. Full Business plan. Cancel anytime before billing.