How we keep your documents secure

Updated January 15, 2026 · 3 min read

Security Is Our Top Priority

Tax documents contain some of the most sensitive personal information there is—Social Security Numbers, income details, bank account numbers. We take every precaution to keep your data safe.

Encryption

Data in Transit

All data transmitted between your browser and FileJoy's servers is encrypted using TLS 1.3 (the latest standard). This means anyone who intercepts the traffic can't read or alter your data while it's being sent.

Data at Rest

Your documents and personal data are encrypted at rest using AES-256-GCM encryption—the same standard used by banks, government agencies, and military organizations. Even if someone gained physical access to our servers, they couldn't read your data.

Document Storage

Uploaded documents are stored in AWS S3 with server-side encryption enabled. Each file is encrypted individually, and access is restricted through strict IAM policies.

SSN Encryption

Social Security Numbers receive an additional layer of protection. They are encrypted separately at the application level before being stored, using dedicated encryption keys. Only the last four digits are ever displayed in the FileJoy interface.

Authentication Security

Session Management

  • Sessions use **HttpOnly cookies** that can't be accessed by JavaScript, so a cross-site scripting (XSS) attack can't read your session token
  • Session tokens are cryptographically signed and expire automatically
  • Logging in from a new device invalidates old sessions

Multi-Factor Authentication (MFA)

FileJoy supports two-factor authentication for an extra layer of security. When enabled, you'll need both your password and a code from your authenticator app to log in. We strongly recommend enabling MFA for all accounts.

Rate Limiting

To prevent brute-force attacks, login attempts are rate-limited. After 5 failed attempts, your account is temporarily locked for 15 minutes.

What We Don't Do

  • We **never sell** your personal data or tax information to third parties
  • We **never share** your data with advertisers
  • We **never store** your password in plain text (only salted, hashed versions)
  • We **never access** your data without your explicit authorization

Tips for Keeping Your Account Secure

  • **Enable MFA** — It's the single most effective thing you can do to protect your account
  • **Use a strong, unique password** — Don't reuse passwords from other sites
  • **Log out on shared devices** — Always log out when using a public or shared computer
  • **Keep your email secure** — Your email is used for password resets, so protect it too
