Security and Compliances

Uploadcare honors the safety of your and your clients’ critical information. We provide you with several ways to implement extra access and control management in your data ingestion and delivery flows.

Signed Uploads: Control who and when can upload

After enabling Signed Uploads, uploading any file will require a security token that should be generated on your backend. Thus nobody can upload a file to your project using only an API key.

Note that the Signed Uploads flow sets up for a particular Uploadcare project and implies you have a backend-enabled product.

How to enable Signed Uploads

Signed URLs: Control who and when can access

While the Signed Uploads feature is made to control file uploading, the Signed URLs one is responsible for requesting the already uploaded files. When enabled, a user will require a token from your backend to access the content. Token authentication also ensures a URL can only be accessed while the token has not expired.

Authenticated URLs (the other name for Signed URLs) work together with custom domains. You should set up a custom CNAME before using the feature.

How to enable Signed URLs

HIPAA Compliance: Control ePHI Data Flows

Uploadcare allows you to set up Health Insurance Portability and Accountability Act compliance for your data flows in three simple steps. Those steps actually include both techniques mentioned here: Signed Uploads and Authenticated URLs. Thanks to them, you will get the necessary safety measures for safeguarding medical information.

Data encryption, access controls, backup: all of this made transparent and convenient with the full support of our engineers.

How to enable HIPAA Compliance

Questions?

We’re always happy to help with code, integration, and other stuff.
Search our site for more info or post your question in our Community Area.