OrangedoxSecurity

Updated Sept 20th, 2023

Orangedox helps our customer secure their documents, allowing them to be confident that only the intended recipient gains access. However, is it ok to trust Orangedox with your confidential documents? And what measures does Orangedox employ to ensure their platform is safe?

How safe is Orangedox?

Entrusting an online service with your confidential files is a decision that shouldn't be taken lightly. To that point here's a list of the security best practices that Orangedox employs to help secure your confidential files on our platform.

Access Tokens

Orangedox integrates directly with your cloud storage provider, either Google Drive or Dropbox. Doing so allows Orangedox to pull files directly from your cloud storage provider, allowing you to update your shared files without having to re-upload them. However, this does require that Orangedox has continued access to your cloud storage account. This is done with OAuth Access Tokens that Orangedox stores and uses to gain access to your account. These access tokens are encrypted by Orangedox using 256-bit Advanced Encryption Standard (AES-256) then stored on Amazon AWS. At no time does any internal employee at Orangedox have access to unencrypted access tokens.

Only Previewed Files are stored by Orangedox

Unlike similar document protection services Orangedox doesn't store every file that you share with our service. Instead we integrate with your cloud storage service, either Google Drive or Dropbox, and whenever someone downloads a file shared via Orangedox it comes directly from your cloud storage provider. At no time does Orangedox cache or store this file.

However there exceptions to this, any file that Orangedox generates a preview (full list here) will be stored on our servers. This is required so that Orangedox can provide a web preview of your file online, which we term 'Previewed Files'

Previewed Files Encryption

All previewed files are stored on Amazon's S3 and are encrypted with 256-bit Advanced Encryption Standard (AES-256).

Access to Previewed Files

Previewed files are not accessible by internal Orangedox employees, and only designed security engineer(s) are granted access in one of the following scenarios

Removal of Previewed Files

Orangedox does not keep previewed files indefinitely, periodically we clean out old versions of previewed files that are not currently shared.

If you have any questions on how we handle our customers data please reach our security team at support@orangedox.com