Enterprise-grade security and compliance controls designed for businesses handling sensitive documents. Your data is protected with industry-leading security measures.
Security Overview
At renamed.to, security is fundamental to our service. We implement comprehensive security measures across all aspects of our platform to ensure your documents and data remain protected. Our security program follows industry best practices and is regularly audited and updated.
Data Security
End-to-End Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Files are temporarily stored in secure cloud storage during processing, then automatically deleted.
Data Residency
EU customers' data is processed and stored in EU-hosted infrastructure. US customers' data may be processed in US regions. Files are temporarily stored during processing, then automatically deleted.
File Processing Security
Documents are processed in isolated environments. Files are temporarily stored in region-appropriate secure storage to enable processing and downloads, then automatically deleted.
Secure File Storage
Files are temporarily stored in secure, encrypted cloud storage (region-appropriate) to enable zip downloads, then automatically deleted.
Access & Authentication
Multi-Factor Authentication
Two-factor authentication (2FA) is available for all accounts. We support authenticator apps, SMS, and hardware security keys.
Role-Based Access Control
Granular permissions ensure users only access files and features appropriate to their role. Admin controls for team management.
SSO Integration
Enterprise SSO support via Google Workspace, Microsoft 365, and SAML 2.0. Centralized user management and access control.
Audit Logging
Comprehensive audit logs track all user actions, file accesses, and system events. Logs retained for compliance and security monitoring.
Infrastructure Security
Secure Hosting
Hosted on industry-leading cloud providers with SOC 2 Type II compliance. Regular security assessments and penetration testing.
24/7 Monitoring
Continuous security monitoring and alerting for threats, unauthorized access attempts, and system anomalies.
Incident Response
Established incident response procedures with dedicated security team. Customers notified within 24 hours of security incidents.
Regular Security Updates
Automated security patching and updates. Dependencies regularly scanned for vulnerabilities using industry-standard tools.
Compliance & Certifications
SOC 2 Type I Aligned
Our security controls are aligned with SOC 2 Type I requirements, covering security, availability, and confidentiality. We undergo regular third-party assessments to maintain compliance.
GDPR & Privacy Shield
Fully compliant with EU General Data Protection Regulation (GDPR). We implement privacy-by-design principles and provide data processing agreements for enterprise customers.
CCPA Ready
California Consumer Privacy Act compliant with data minimization, access rights, and deletion capabilities. Clear privacy notices and user control over personal data.
Third-Party & Integration Security
Limited OAuth Scopes
We request only the minimum permissions required for file processing. For example:
- •Google Drive: Files access limited to specific folders
- •Dropbox: Scoped access to designated team folders
- •Microsoft 365: Site-level permissions for SharePoint libraries
Token Management
API tokens and OAuth credentials are encrypted at rest and in transit. Automatic token rotation and immediate revocation capabilities. No permanent storage of user credentials.
Data Retention & Deletion
What We Store
- •Original filename, new filename, and new file path retained for audit trail, customer support, and service usage analysis
- •Files temporarily stored in secure cloud storage during processing, then automatically deleted
- •User account information and preferences
- •Integration settings and connection metadata
- •Audit logs for security and compliance (1 year retention)
Your Control
- •Delete metadata anytime from your dashboard
- •Disconnect integrations to revoke all access instantly
- •Full account deletion with complete data removal
- •Data export available before account deletion
Security Contact
If you discover a security vulnerability or have security concerns, please contact us immediately:
Security Team
Email: security@renamed.to
We appreciate responsible disclosure and will acknowledge your report within 24 hours. Our security team will work with you to understand and resolve the issue.
Security Updates
Latest Security Improvements
Regular security updates and improvements are documented in our changelog. Recent enhancements include enhanced encryption protocols, improved access controls, and regular security audits.