Security Policy

Read our Security Policy to understand the measures we take to protect your data and ensure a safe experience.

Effective Date:

At Fortbyte.io (`we,` `us,` or `our`), security is a core part of how we design and operate our services. This Security Policy outlines the measures we take to protect user data and files, as well as the shared responsibility between Fortbyte.io and its users.

1. Security Philosophy

Fortbyte.io is designed to support the secure sharing of sensitive, time-limited files. We follow industry best practices to protect data while recognizing that no system can be 100% secure.

  • Least-privilege access
  • Defense-in-depth
  • Secure-by-default configurations
  • Shared responsibility with users

2. Infrastructure & Hosting Security

Files are stored using Amazon Web Services (AWS S3). Access is role-based and production is isolated from development. Network protections and AWS controls are used to reduce unauthorized access.

3. Data Protection

3.1 Data in Transit

Data is transmitted using encrypted connections (HTTPS/TLS). Secure communication is enforced across the platform.

3.2 Data at Rest

Uploaded files are stored securely within our storage providers. Access is restricted to authorized systems and processes.

4. Application Security

  • Authentication mechanisms protect user accounts
  • Passwords are stored using strong, one-way hashing
  • Security updates and patches are applied regularly
  • Automated and manual checks identify vulnerabilities

5. File Access & Sharing Security

Fortbyte.io provides expiring file links, optional passphrase-protected access, and controlled file availability. Users are responsible for keeping credentials and passphrases confidential and choosing appropriate expirations.

6. Monitoring & Abuse Prevention

We monitor systems for suspicious activity. Uploaded files may be reviewed to enforce our Terms of Service. Accounts involved in prohibited activity may be suspended or terminated.

7. Third-Party Services

We rely on trusted providers including AWS, Paddle, and OpenAI. These providers maintain their own security controls.

8. Incident Response

In the event of a security incident we will investigate and remediate as appropriate, and notify affected users when required by law or deemed appropriate.

9. User Responsibilities

Users are expected to use strong passwords, avoid sharing credentials, secure their devices, and manage file access responsibly.

10. Limitations

While reasonable measures are taken, Fortbyte.io cannot guarantee absolute security. Users acknowledge inherent risks of online data transmission and storage.

11. Updates to This Policy

We may update this Security Policy from time to time. Updates become effective upon posting.

12. Contact

If you discover a potential security issue or have questions, contact us at support@fortbyte.io.

By using Fortbyte.io, you acknowledge that you have read and understood this Security Policy.