Your Data is ONLY Yours
One of the main priority of Papermerge Hosted Solution is protection of your documents. This article describes how we protect your data and what are security measures taken in context of Hosted Solution. This article is of more technical nature than Summary of our GDPR Compliance.
Papermerge is web-based document management system. This means that you can access your documents from anywhere via Web-Browser. In order to make all web requests secure - Papermerge accepts only secure web requests i.e. only encrypted http requests. Http requests are encrypted using standard TLS protocol with a valid TLS certificate - this is why in your browser you will see a green lock icon - right next to the web address. TLS encryption is especially important when you sign-in, because your username and password are transmitted encrypted over the wire.
The standard protocol for accessing remote servers is ssh. Thus, our engineers use ssh protocol to login to remote servers and deploy Papermerge, perform maintenance and upgrades. In order to make access to remote server very secure - our engineers authenticate to remote servers only using very secure certificate based authentication. Password based authentication is disabled on remote machines.
In order to ensure safety and our clients documents, we run backups twice a day. All documents of all users in Papermerge system are safely stored in backup archive. Backup archive is then encrypted using AES 256 CBC algorithm with 2048 bit RSA key. Securely encrypted archive of your documents is then copied in two different data centers. Note however, that data centers are located in same economic area with your Papermerge instance - this is the region which clients choose during registration process.
Last, but not least - our main business is to securely guard your documents. We DON'T give, sell or transmit information in your documents or any derivative of your data. Your documents are yours only. Privacy of your documents is important for us as much as it is important for you.