FileSworn is designed for adversarial environments where trust cannot be assumed. We employ defense-in-depth security measures to protect your data and ensure the integrity of forensic evidence shared through our platform.
This page provides a transparent overview of our security architecture, technical measures, and limitations. We believe in honest disclosure about what we can and cannot protect.
1. Technical Security Measures
1.1 Encryption
- Encryption at Rest: All data stored on our servers is encrypted using AES-256 encryption. Files are encrypted before being stored on Supabase Storage.
- Encryption in Transit: All data transmitted between your device and our servers is protected by TLS 1.3 encryption, the strongest available transport layer security protocol.
- Key Management: Encryption keys are managed securely and never stored in plaintext. Access to encrypted data requires proper authentication.
1.2 Authentication
- OAuth Authentication: FileSworn uses OAuth 2.0 authentication via trusted identity providers (Google, Microsoft). After sign-in, access is session-based, with tokens handled securely on the server.
- Session Security: Authentication sessions are managed server-side with secure, HttpOnly cookies. Sessions expire automatically and are validated on every request.
- No Password Storage: FileSworn delegates authentication to established OAuth providers, eliminating the risk of credential theft or password database breaches.
- Row-Level Security: Database access is enforced through row-level security policies, so each user can access only their own rows regardless of session state.
1.3 Infrastructure
- Hosting Provider: FileSworn is hosted on Vercel's edge network, which maintains SOC 2 Type II compliance and employs enterprise-grade security measures.
- Edge Network: Content is served from geographically distributed edge locations, reducing latency and improving availability.
- DDoS Protection: Our infrastructure includes distributed denial-of-service (DDoS) protection to ensure service availability.
- Regular Security Updates: All infrastructure components are regularly updated with security patches.
1.4 Access Control
- Cryptographically Signed Share Tokens: Shared content uses cryptographically signed tokens that cannot be forged or guessed. Tokens are single-use or time-limited, depending on the sharing settings.
- Role-Based Access: Access to content is strictly controlled based on ownership and explicit sharing permissions.
- Access Logging: Every access to content is logged with viewer identity, timestamp, and IP address for forensic investigation and chain of custody documentation.
2. Integrity Verification
2.1 Cryptographic Hashing
- SHA-256 Hashing: Every file uploaded to FileSworn is cryptographically hashed using SHA-256 at the time of upload. The hash is stored and used for integrity verification.
- Hash Verification: Hashes are verified on every access to detect tampering or corruption. If a file's hash does not match, access is denied and an alert is generated.
- Chain of Custody: Cryptographic hashes are included in chain of custody certificates, providing proof that files have not been modified.
2.2 Tamper-Evident Audit Logs
- Immutable Logs: All access events, uploads, and system changes are logged in tamper-evident audit logs.
- Forensic Attribution: Logs record who accessed what content, when, and from where, providing forensic attribution for chain of custody purposes.
- Log Integrity: Audit logs are cryptographically signed to prevent tampering and provide proof of authenticity.
3. Forensic Watermarking
Important: We provide transparent disclosure about watermarking capabilities and limitations.
3.1 How Watermarking Works
FileSworn embeds viewer identity into every frame during playback. This includes:
- Viewer's Supabase user ID
- Viewer's email address (if available)
- Timestamp of viewing
- Session identifier
Watermarks are embedded at render time and are visible but designed to be difficult to remove without degrading content quality.
3.2 Watermarking Purpose
Forensic Attribution, Not Leak Prevention
Watermarking provides forensic attribution - the ability to identify who viewed content and when. This is valuable for:
- Investigating leaks or unauthorized distribution
- Establishing chain of custody
- Providing evidence in legal proceedings
- Deterring unauthorized sharing
Watermarking does not prevent leaks - it helps identify the source after a leak occurs.
3.3 Limitations
What Watermarking Cannot Prevent:
- External Recording Devices: We cannot prevent recording with external cameras, smartphones, or other recording devices. No software-based solution can prevent external recording.
- Screen Capture Software: While we use canvas-based rendering to make screen capture more difficult, determined users with specialized screen capture software may be able to capture content.
- Hardware-Level Recording: Advanced users with hardware-level recording capabilities may be able to capture content without watermarks.
- Determined Adversaries: Sophisticated adversaries with time and resources may be able to remove or obfuscate watermarks, though this typically degrades content quality.
4. Data Lifecycle & Deletion
4.1 Temporary Access
Files shared via Temporary Access are automatically deleted after expiration (typically 24-48 hours):
- Files are removed from active storage immediately upon expiration
- Files may persist in backup systems for up to 30 days before permanent deletion
- After 30 days, files are cryptographically erased and cannot be recovered
4.2 Cryptographic Deletion
After the 30-day backup retention period, files are permanently deleted using cryptographic erasure. Encryption keys are securely deleted, making file recovery cryptographically infeasible.
5. Honest Disclosure: What We Don't Claim
We Do Not Prevent Screenshots or Screen Recording
While we use canvas-based rendering to make screen capture more difficult, we cannot prevent all forms of screen capture or recording. External recording devices and specialized software may be able to capture content.
We Do Not Guarantee Legal Admissibility
While we provide chain of custody certificates and integrity verification, we do not guarantee that evidence shared through FileSworn will be admissible in court. Legal admissibility depends on many factors beyond our control, including jurisdiction, rules of evidence, and judicial interpretation.
We Are Not a Law Firm
FileSworn is a technical platform for secure media sharing. We do not provide legal advice. You must consult qualified legal counsel regarding the admissibility and use of evidence in your specific case.
We Do Not Guarantee Uninterrupted Service
While we strive for high availability, we do not guarantee uninterrupted or error-free service. The Service may be unavailable due to maintenance, upgrades, or circumstances beyond our control.
6. Responsible Disclosure
We encourage security researchers to report vulnerabilities responsibly. If you discover a security vulnerability:
- Email Us: Reach out to our security team at anthony@filesworn.com with details of the vulnerability
- Give Us Time: Allow us 90 days to address the vulnerability before public disclosure
- Act in Good Faith: Do not access or modify data that is not yours, do not engage in denial of service attacks, and do not violate any laws
We do not pursue legal action against security researchers who act in good faith and follow responsible disclosure practices. We appreciate your help in making FileSworn more secure.
7. Compliance & Certifications
Our infrastructure provider (Vercel) maintains:
- SOC 2 Type II compliance
- ISO 27001 certification (in progress)
- GDPR compliance capabilities
- Regular third-party security audits
We are committed to maintaining high security standards and regularly review and update our security practices.
Get Support
For security-related inquiries, please reach out: anthony@filesworn.com
Verifore Technologies LLC
Louisiana, United States