At Uploadcare we honor the safety of personal and business-sensitive information and implement compliancy with GDPR, HIPAA and other standards and regulations. Uploadcare provides you with advanced privacy features to upload, access and manage your content in a secure way.

Signed uploads

Control who and when can upload files. It prevents from uploading files using a Public API key only. You'll have to generate a security token on the backend to upload a file. Signed uploads work for a particular Uploadcare project.

Signed URLs

Control who and when can request files. Enabling this feature limits access to your project files. A user will require a token from your backend to access the content. Signed URLs work in conjunction with custom domains.

AWS S3 storage

Uploadcare allows you to upload files directly to your own AWS S3 storage.

DDoS protection

Customers are automatically protected against Distributed Denial of Service (DDoS).

Malware protection

Enable malware checking for all uploaded files.

Search engine indexing

Restrict search engines to analyze and index content in your project for global search: image and text. Setup search engine indexing behavior for each of your projects.

Signed webhooks

Control who and when can call your webhook endpoint (URL). Without verification, anyone can spoof a request sent to the webhook URL. The solution is to sign each webhook payload with a secret.

HIPAA guide

HIPAA is US legislation providing data privacy and security provisions for safeguarding electronic protected health information (ePHI). On our Enterprise plan, Uploadcare can be configured to support HIPAA compliant workflow.


Uploadcare is committed to complying with industry-standard privacy and security measures and all applicable laws and regulations to keep customer and end-user data safe and secure: SOC 2, HIPAA, GDPR. Learn more about it in our Trust Center.