Security
On this page
At Uploadcare we honor the safety of personal and business-sensitive information and implement compliancy with GDPR, HIPAA and other standards and regulations. Uploadcare provides you with advanced privacy features to upload, access and manage your content in a secure way.
Signed uploads
Control who and when can upload files. It prevents from uploading files using a Public API key only. You'll have to generate a security token on the backend to upload a file. Signed uploads work for a particular Uploadcare project.
Signed URLs
Control who and when can request files. Enabling this feature limits access to your project files. A user will require a token from your backend to access the content. Signed URLs work in conjunction with custom domains.
DDoS protection
Customers are automatically protected against Distributed Denial of Service (DDoS).
Malware protection
Enable malware checking for all uploaded files.
Search engine indexing
Restrict search engines to analyze and index content in your project for global search: image and text. Setup search engine indexing behavior for each of your projects.
Signed webhooks
Control who and when can call your webhook endpoint (URL). Without verification, anyone can spoof a request sent to the webhook URL. The solution is to sign each webhook payload with a secret.
HIPAA guide
HIPAA is US legislation providing data privacy and security provisions for safeguarding electronic protected health information (ePHI). On our Enterprise plan, Uploadcare can be configured to support HIPAA compliant workflow.
Compliance
Uploadcare is committed to complying with industry-standard privacy and security measures and all applicable laws and regulations to keep customer and end-user data safe and secure: SOC 2, HIPAA, GDPR. Learn more about it in our Trust Center.