Security is a top priority for FileHound because we care about it and it is also of great importance to our customers.
FileHound uses a variety of industry-standard technologies and services to secure your data from unauthorised access, disclosure, use, and loss.
Data encryption in transit
All data transmitted between FileHound customers and the FileHound service is done so using strong encryption protocols. FileHound supports the latest recommended secure cipher suites to encrypt all traffic in transit, including use of TLS 1.2 protocols, AES256 encryption, and SHA2 signatures, whenever supported by the clients.
Data encrypted at rest
Data at rest in FileHound production network is encrypted using FIPS 140-2 compliant encryption standards, which applies to all types of data at rest within FileHound systems—relational databases, file stores, database backups, etc. All encryption keys are stored in a secure server on a segregated network with very limited access. FileHound has implemented appropriate safeguards to protect the creation, storage, retrieval, and destruction of secrets such as encryption keys and service account credentials.
Each FileHound customer’s data is hosted in our dedicated infrastructure and logically separated from other customers’ data. We use a combination of storage technologies to ensure customer data is protected from hardware failures and returns quickly when requested. The FileHound service is hosted in UK data centers maintained by industry-leading service providers, offering state-of-the-art physical protection for the servers and infrastructure that comprise the FileHound operating environment.
Third party API calls
FileHound makes external API calls to optimise for the best results.
For OCR and entity detection: APIs might be called on the following services Google Vision (OCR), Amazon Textract (OCR), and Docsparser (OCR). FileHound leverages multiple OCR engines before running a resolution layer.
Cloud Services for processing and API calls
There is documentation about the Cloud Services and API services that FileHound uses and FileHound understands from such documentation below that none of your data would be stored by these services beyond the completion of processing of the data by such cloud provider.
Security approaches of the Cloud Services
Each of the Cloud Services uses a combination of the approaches to keep their infrastructure secure, including the following:
- Physical access control
- Personnel security
- Logical access control
- Penetration testing
- Third party audits
- Intrusion detection and prevention
- You can find further information in the documentation from the Cloud Services:
To minimise the risk of data exposure, FileHound adheres to the principles of least privilege and role-based permissions when provisioning access—workers are only authorised to access data that they reasonably must handle in order to fulfil their current job responsibilities. All production access is reviewed at least quarterly following ISO27001 guidelines and methodologies.
To further reduce the risk of FileHound access to data, FileHound employs multi-factor authentication for all access to systems with highly classified data, including our production environment, which houses our customer data. Where possible and appropriate, FileHound uses private keys for authentication, in addition to the previously mentioned multi-factor authentication on a separate device.
FileHound requires personnel to use an approved password manager. Password managers generate, store, and enter unique and complex passwords to avoid password reuse, phishing, and other password-related risks.
Network Security and server hardening
FileHound divides its systems into separate networks to better protect sensitive data. Systems supporting testing and development activities are hosted in a separate network from systems supporting FileHound's production infrastructure. All servers within our production fleet are hardened (e.g. disabling unnecessary ports, removing default passwords, etc.) and have a base configuration image applied to ensure consistency across the environment. Network access to FileHound's production environment from open, public networks (the Internet) is restricted, with only a small number of production servers accessible from the Internet. Only those network protocols essential for delivery of FileHound's service to its users are open at our perimeter and there are mitigations against distributed denial of service (DDoS) attacks deployed at the network perimeter.
System Monitoring, Logging, and Alerting
FileHound monitors servers to retain and analyse a comprehensive view of the security state of its corporate and production infrastructure. Administrative access, use of privileged commands, and system calls on all servers in FileHound's production network are logged and retained for at least two years. Analysis of logs is automated to the extent practical to detect potential issues and alert responsible personnel. All production logs are stored in a separate network that is restricted to only the relevant security personnel.
Storage, data retention and disposal
Customer data is removed immediately upon the end of the contracting term or service agreement between FileHound and you. FileHound hard deletes all information from currently running production systems (excluding non-identifiable characteristics of data which is used to improve our service) and backups are destroyed within 30 days.