Last Updated: January 2025
This Security Overview describes our security approach but does not constitute a guarantee, warranty, or service-level commitment. Actual practices may evolve.
ArchiveView follows commercially reasonable security practices and industry standards appropriate for a cloud document-management platform.
AES-256 server-side encryption in AWS S3 and databases.
TLS 1.2+/1.3 enforced.
Encrypted, versioned, geographically redundant.
MFA supported, strong password enforcement, session controls, RBAC permissions, least-privilege principles, organization isolation, and audit logging.
Hosted on AWS using VPC isolation, private subnets, security groups, hardened serverless architecture, and automated dependency scanning.
Sanitized input handling, API throttling, code reviews, static analysis, vulnerability scanning, and regular security testing. We engage third-party assessments periodically.
User activity logging, anomaly detection, alerting, attempted intrusion monitoring, and periodic log review.
We maintain incident response procedures designed to detect, contain, and remediate security events. We notify customers of incidents affecting their data in a commercially reasonable timeframe.
Customers must enable MFA, secure accounts, manage permissions, classify sensitive documents appropriately, and avoid uploading prohibited data types.
We follow privacy and security principles aligned with frameworks such as GDPR, CCPA, and SOC2 best practices but do not claim formal certification unless explicitly stated.
AWS, Anthropic Claude, Amazon Textract, email & payment vendors may process data. We vet vendors and maintain data processing agreements where required.
Documents or extracted content sent to AI/OCR models are used only to provide the Service. AI output may be inaccurate and must be verified by the customer.
AWS provides physical data-center protection including access controls, surveillance, and environmental safeguards.
This overview may be updated periodically.
