Skip to main content
Renamed.to logorenamed.to

Security & Compliance

Security and compliance controls designed for businesses handling sensitive documents. End-to-end encryption, GDPR-compliant DPA, and minimal data retention.

Security Overview

At renamed.to, security is fundamental to our service. We implement security measures across our platform to keep your documents and data protected. Our security program is organized around the SOC 2 control areas (security, availability, confidentiality) and is updated continuously. We are not yet SOC 2 audited; a third-party audit is on our roadmap as we scale.

Data Security

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Files are temporarily stored in secure cloud storage during processing, then automatically deleted.

Data Residency

EU customers' data is processed and stored in EU-hosted infrastructure. US customers' data may be processed in US regions. Files are temporarily stored during processing, then automatically deleted.

File Processing Security

Documents are processed in isolated environments. Files are temporarily stored in region-appropriate secure storage to enable processing and downloads, then automatically deleted.

Secure File Storage

Files are temporarily stored in secure, encrypted cloud storage (region-appropriate) to enable zip downloads, then automatically deleted.

Access & Authentication

Strong Authentication

Sign in with passkeys (including hardware security keys via WebAuthn), email one-time codes, or enterprise SSO. Authenticator-app (TOTP) two-factor authentication is on our roadmap.

Role-Based Access Control

Granular permissions ensure users only access files and features appropriate to their role. Admin controls for team management.

SSO Integration

Enterprise SSO support via Google Workspace, Microsoft 365, and SAML 2.0. Centralized user management and access control.

Audit Logging

Comprehensive audit logs track all user actions, file accesses, and system events. Logs retained for compliance and security monitoring.

Infrastructure Security

Secure Hosting

Hosted in the EU (Hetzner, Germany) with Cloudflare R2 for transient storage. Infrastructure providers hold SOC 2 Type II and/or ISO 27001 certifications. Automated dependency vulnerability scanning on every build.

24/7 Monitoring

Continuous security monitoring and alerting for threats, unauthorized access attempts, and system anomalies.

Incident Response

Documented incident response procedures. Affected customers notified within 72 hours of a confirmed personal data breach (per GDPR Art. 33).

Regular Security Updates

Automated security patching and updates. Dependencies regularly scanned for vulnerabilities using industry-standard tools.

Compliance & Certifications

SOC 2 Control Areas

Our security program is organized around the SOC 2 control areas (security, availability, confidentiality). We are not yet SOC 2 audited; a third-party audit is on our roadmap as we scale. Our infrastructure and AI subprocessors (Cloudflare, OpenAI, Mistral, Google) carry SOC 2 Type II reports.

GDPR Compliant

Fully compliant with the EU General Data Protection Regulation (GDPR). We implement privacy-by-design principles and provide a Data Processing Agreement (DPA) with Standard Contractual Clauses for international transfers.

CCPA Ready

California Consumer Privacy Act compliant with data minimization, access rights, and deletion capabilities. Clear privacy notices and user control over personal data.

Third-Party & Integration Security

Limited OAuth Scopes

We request only the minimum permissions required for file processing. For example:

  • Google Drive: Files access limited to specific folders
  • Dropbox: Scoped access to designated team folders
  • Microsoft 365: Site-level permissions for SharePoint libraries

Token Management

API tokens and OAuth credentials are encrypted at rest and in transit. Automatic token rotation and immediate revocation capabilities. No permanent storage of user credentials.

Data Retention & Deletion

What We Store

  • Original filename, new filename, and new file path retained for audit trail, customer support, and service usage analysis
  • Files temporarily stored in secure cloud storage during processing, then automatically deleted
  • User account information and preferences
  • Integration settings and connection metadata
  • Audit logs for security and compliance (1 year retention)

Your Control

  • Delete metadata anytime from your dashboard
  • Disconnect integrations to revoke all access instantly
  • Full account deletion with complete data removal
  • Data export available before account deletion

Security Contact

If you discover a security vulnerability or have security concerns, please contact us immediately:

Security Team

Email: security@renamed.to

We appreciate responsible disclosure and will acknowledge your report within 24 hours. Our security team will work with you to understand and resolve the issue.

Security Updates

Latest Security Improvements

Regular security updates and improvements are documented in our changelog. Recent enhancements include automated dependency scanning, improved access controls, and ongoing review of our incident response procedures.