OrangedoxSecurity
Updated Mar 18th, 2024
Effective April 1st, 2024
Orangedox helps our customer secure their documents, allowing them to be confident that only the intended recipient gains access. However, is it ok to trust Orangedox with your confidential documents? And what measures does Orangedox employ to ensure their platform is safe?
How safe is Orangedox?
Entrusting an online service with your confidential files is a decision that shouldn't be taken lightly. To that point here's a list of the security best practices that Orangedox employs to help secure your confidential files on our platform.
Access Tokens
Orangedox integrates directly with your cloud storage provider, either Google Drive or Dropbox. Doing so allows Orangedox to pull files directly from your cloud storage provider, allowing you to update your shared files without having to re-upload them. However, this does require that Orangedox has continued access to your cloud storage account. This is done with OAuth Access Tokens that Orangedox stores and uses to gain access to your account. These access tokens are encrypted by Orangedox using 256-bit Advanced Encryption Standard (AES-256) then stored on Amazon AWS. At no time does any internal employee at Orangedox have access to unencrypted access tokens.
Shared Stuff that is stored by Orangedox
Orangedox stores your Shared Stuff on our servers allowing you to share them with your audience, this also includes online previews of your Shared Stuff (Preview Stuff). All your Shared Stuff and Preview Stuff that is stored by Orangedox is encrypted using 256-bit Advanced Encryption Standard (AES-256) and stored on Amazon S3. When you terminate your Orangedox account we remove these files from our servers within 48 hours.
Access to your Shared & Previewed Stuff
None of your Shared Stuff or Previewed Stuff is accessible by internal Orangedox employees, with the exception of designed security engineer(s), and only for the following scenarios
- to verify that the file does not violate our Terms of Service: Acceptable Use Policy
- to debug an issue with the previewed file at the customer's request
If you have any questions on how we handle our customers data please reach our security team at support@orangedox.com