Security

Our Commitment to Security

PDFHaul is built with a privacy-first mindset. We understand that you trust us with your documents, and we design our systems to minimize data retention and reduce exposure wherever possible.

Data Encryption

Encryption in Transit

All communication between your device and PDFHaul is encrypted using HTTPS/TLS.

• Transport Layer Security (TLS)
• Automatic SSL certificates (managed & renewed)
• Modern, secure cipher suites
• HSTS to enforce encrypted connections

Encryption at Rest

All temporary files and service data stored on our cloud provider are encrypted at rest using industry-standard encryption.

• Cloud provider-managed encryption keys
• Encrypted storage for temporary files
• Encrypted database backups
• Secure secrets management

Infrastructure Security

Cloud Infrastructure

PDFHaul runs on a trusted cloud provider, which provides:

• SOC 2 Type II certified data centers
• 24/7 physical security and monitoring
• Redundant power, networking, and failover systems
• DDoS protection and traffic filtering
• Geographic redundancy for disaster recovery

Network Security

• Firewall protection on all network boundaries
• Virtual Private Cloud (VPC) isolation
• Network segmentation for sensitive components
• Regular vulnerability scanning

Application Security

• Cloudflare Web Application Firewall (WAF)
• Rate limiting to prevent automated abuse
• Input validation & sanitization
• Protection against common vulnerabilities (e.g., SQLi, XSS)
• Secure session management with HttpOnly & SameSite cookies

File Processing Security

File Handling

• Isolated Processing: Files are processed in isolated containerized environments.
• File Type Validation: Only supported PDF and image formats are accepted.
• Size Limits: Limits help prevent resource exhaustion attacks.
• Sandboxed Execution: Processing operations run in isolated containers.

Automatic Deletion

• Files deleted from active storage within ~2 hours
• Temporary processing files removed immediately
• No permanent storage of user files

Cloud Provider Backups: Our cloud provider may retain low-level storage remnants (e.g., block-level snapshots) for a short period for reliability purposes. These remnants are not accessible to PDFHaul and are covered by the cloud provider's security and privacy commitments.

Compliance & Standards

PDFHaul aligns with industry-recognized security and privacy practices:

• PIPEDA compliance (Canada)
• GDPR-aligned practices (EU)
• CCPA/CPRA-aligned practices (California)
• OWASP Top 10 principles

We do not claim formal certification (e.g., SOC 2 or ISO 27001) at this time.

Security Monitoring & Incident Response

Continuous Monitoring

• Automated infrastructure monitoring
• Real-time alerting for unusual activity
• Error and performance logging

Incident Response

• Established incident response process
• Rapid investigation and mitigation
• Notification to affected users if required by law

Employee & Access Security

We apply strict internal security measures:

• Principle of least privilege for system access
• Multi-factor authentication for administrative accounts
• Secure development and code review practices

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly.

Guidelines

• Provide a clear description of the issue
• Include steps to reproduce
• Do not access or modify user data
• Do not perform actions that could disrupt the Service
• Allow reasonable time for remediation

Security Best Practices for Users

You can help protect your account by:

• Using a strong, unique password
• Enabling two-factor authentication (when available)
• Keeping your devices and browser updated
• Avoiding uploads of highly sensitive or regulated documents
• Being cautious of phishing attempts
• Logging out on shared devices

Security Contact