Skip to main content

Security

Security at codocs

Security is not a feature but the foundation. This is exactly how codocs protects your files and data, without marketing speak.

Encryption, in transit and at rest

All traffic runs over TLS (HTTPS enforced, HSTS). Files are stored encrypted at the storage layer (server-side encryption); nobody reads them without the service keys.

Storage within the EU

Files live on European servers. No transfer outside the EU as part of the service; sub-processors are listed in the data processing agreement.

Two-step verification by default

Signing in always requires a password plus a one-time code by email. Strong hashing (bcrypt), rate limiting on login attempts, sessions can be ended per device.

Shares under your control

Share links use cryptographically random tokens, can carry a password and expiry date, and can always be revoked instantly.

Complete audit log

Upload, download, sharing, revoking, signing in: every event is recorded with a timestamp. Your activity log shows exactly what happens to your files.

Backups with proven recovery

Daily encrypted backups to a second, independent storage location, with automatic monitoring that raises an alarm when a backup fails to appear. Recovery targets: at most 24 hours of data loss, operational again within one business day.

Data minimisation

We only ask for an email address. No tracking ads, no data resale, cookieless statistics.

GDPR demonstrably in order

Data processing agreement, processing register and breach procedure are ready. Business customers can request them via hello@codocs.nl.

Found a vulnerability?

We would like to hear it before someone else abuses it. Mail your finding to hello@codocs.nl; we respond within 24 hours on business days and prioritise confirmed reports. Responsible reporters get credited by name if they wish.