Data security and storage
How DefenceFile stores evidence sources, who can access them, and what encryption and isolation controls are in place.
Help baseline: 2026-06-15
Tenant isolation
Every evidence item, source file, and event is scoped to a tenant and organisation by row-level security enforced in the database. No query runs without tenant context — the RLS policy blocks cross-tenant reads even if the application layer were bypassed.
- Each tenant has a dedicated row-level security context applied on every database query.
- Cross-tenant probes are denied at the database layer, not only the application layer.
- Tenant IDs are not guessable sequential integers — they are UUIDs.
Source file encryption and access
Uploaded source files are stored in private, tenant-scoped object storage. Each file is accessed through a signed URL with a short expiry — there is no public URL to a source file.
- Files are stored in Cloudflare R2 under a tenant-scoped key prefix.
- Signed upload slots are created per-upload and expire after 15 minutes.
- Download access requires an authenticated session with the correct tenant context.
- Files are encrypted at rest by the storage provider.
Data retention and deletion
DefenceFile stores evidence and audit events for the duration of your pilot. The DPA sets out retention periods and your rights to request deletion. Contact your account owner to start a deletion request.
- Audit trail entries are retained to support post-incident review — they are not deleted on request alone.
- Source files can be replaced or superseded — deleted files are removed from the active register.
- The full retention schedule is in the Data Processing Agreement available at /dpa.
- Sub-processors are listed in the privacy notice at /privacy.
Boundary
DefenceFile help explains workflow operation. It does not provide legal advice, create privilege, certify scope, certify reasonable procedures, or guarantee that a statutory defence will succeed.