Encryption and Data Protection

How Filently keeps your data secure at every layer – at rest, in transit, and in your control.

Written By Valentin from Filently

Last updated 8 days ago

Encryption at Rest

All sensitive data stored in our database is encrypted using AES-256-GCM – the same encryption standard used by banks and government agencies.

Encrypted fields include:

  • Document filenames and folder paths

  • AI-generated classifications and suggestions

  • Your custom filing instructions

  • Temporarily extracted text (deleted after filing)

Even in the unlikely event of a database breach, your data would be unreadable without the encryption keys. The encryption keys are stored separately from the database and are never exposed.

Encryption in Transit

Every connection Filently makes is encrypted with HTTPS/TLS:

  • Your browser to Filently – All data you send and receive is encrypted in transit

  • Filently to Google Drive – All file operations use Google's secure API endpoints

  • Filently to AI and text extraction services – All processing requests use encrypted connections

At no point does your data travel over an unencrypted connection.

Access Controls

  • Data isolation – Your data is isolated from every other user. No one else can access your documents or settings.

  • OAuth tokens stored server-side – The credentials that grant Filently access to your Google Drive are stored securely on our servers and never exposed to your browser.

  • Staff access restrictions – Filently staff cannot access your encrypted personal data. Encrypted fields are inaccessible without the encryption keys, which are not available through any admin interface.

Data Retention

Filently follows a minimal data retention approach:

Data type

Retention

Extracted document text

Deleted after the document is filed

Document metadata (encrypted filenames, folders, status)

Retained for your document history

Account information

Retained while your account is active

OAuth tokens

Retained while your Google Drive is connected

  • You can delete individual documents from your history at any time

  • When you delete your account, all associated data is permanently removed

Your Control

You are always in control of your data and your connection to Filently:

  • Revoke Google Drive access at any time through your Google Account permissions

  • Delete your account and all associated data through the app settings

  • Contact us at any time to request a full data export or deletion

CASA Tier 2 Certified

Filently is CASA Tier 2 certified – a security assessment developed by Google for applications that access Google user data. An independent auditor evaluated Filently's data encryption, access controls, secure storage practices, vulnerability management, and incident response procedures.

This means Filently's security practices have been independently verified to meet Google's standards for handling your data.

If you need a copy of the Statement of Validation, contact us.

Related Articles