Security and Compliances
Uploadcare honors the safety of your and your clients’ critical information. We provide you with several ways to implement extra access and control management in your data ingestion and delivery flows.
Signed Uploads: Control who and when can upload
After enabling Signed Uploads, uploading any file will require a security token that should be generated on your backend. Thus nobody can upload a file to your project using only an API key.
Note that the Signed Uploads flow sets up for a particular Uploadcare project and implies you have a backend-enabled product.
Signed URLs: Control who and when can access
While the Signed Uploads feature is made to control file uploading, the Signed URLs one is responsible for requesting the already uploaded files. When enabled, a user will require a token from your backend to access the content. Token authentication also ensures a URL can only be accessed while the token has not expired.
Authenticated URLs (the other name for Signed URLs) work together with custom domains. You should set up a custom CNAME before using the feature.
HIPAA Compliance: Control ePHI Data Flows
Uploadcare allows you to set up Health Insurance Portability and Accountability Act compliance for your data flows in three simple steps. Those steps actually include both techniques mentioned here: Signed Uploads and Authenticated URLs. Thanks to them, you will get the necessary safety measures for safeguarding medical information.
Data encryption, access controls, backup: all of this made transparent and convenient with the full support of our engineers.