Given the nature of our service, its not at all surprising that users have questions about the security of FileThis Fetch. When we first designed the website, we decided we wanted a very friendly, welcoming, consumer-oriented site that users would feel comfortable with, as opposed to a strictly “business” site. In keeping with this philosophy, we thought we could assure users of the security that FileThis Fetch has in place without having to list all the details. After all, it seemed obvious to us that given what the product does, it would by necessity have to be secure or we would be out of business before we even got into business. We were wrong.
Now that we understand this, I decided to personally write a blog post describing how secure FileThis Fetch really is and what we do to maintain this security. I want to assure all our users myself how seriously we take security and how it has been built into fabric of the service. FileThis Fetch was architected and built from the ground-up to be secure.
No matter what device you use, from your desktop browser to your mobile phone, your data is always sent using 128-bit SSL – the industry-standard communication security. So nobody can ever see or steal your data as it is transmitted to or from your FileThis account.
The credentials to your FileThis Fetch account, and to all your account connections – from the moment they are entered – are encrypted. On our servers and in our database, your credentials are encrypted utilizing 256-bit encryption, which is higher than the current bank security standard. Bottom line: even if a hacker could get access to your credentials on our servers (they cannot), it would be impossible for them to read any of the data.
The service is a READ-ONLY service. Our software can do nothing more than fetch and deliver your documents to you. If a third-party somehow got hold of your FileThis Fetch credentials (which is impossible unless you personally provided them with this information), they still could not get the credentials to your accounts since we never display this information in your FileThis Fetch account.
We don’t store the documents we fetch for you on our servers. They simply “pass through” from your institution to your destination of choice, so there is no security issue here. Again, all internet communications utilize industry-standard SSL encryption.
On the hardware side, FileThis employs the very reputable Rackspace cloud service. So FileThis runs on, and all the data is stored on, servers managed by a large, publicly traded company whose entire reputation rests on ensuring the privacy, safety, and security of their customers data. Our servers sit inside climate-controlled, physically secure buildings that can only be accessed by biometric scans. Need more detail?
We apply many of the bank-level security standards. This includes encryption, auditing, logging, and back-ups. We utilize third-party services to test our service for security issues – including scanning our ports, testing for SQL injection, and many other potential security weaknesses. We have also received the Verisign security seal.
If you cancel the service, your information (credentials for your account connections) do remain encrypted on our servers unless you delete the “connections” – which is recommended and easy to do if you are sure you will not be returning. If you log in to the service and delete the connections that you had set up to fetch your documents, we remove all your credential information for those connections immediately. So at that point, we would be storing nothing at all about you or your accounts.
For what it’s worth, all my personal family account connections are set up on FileThis as well. As are those of all the co-founders and key employees of the company. Bottom line is this: we take security incredibly seriously, and we are completely committed to maintaining the security, integrity and confidentiality or your information.