Security & Compliance

The security of your data and your clients' data is the most important part of what we do.

Introduction

Content Snare is a cloud-based platform for collecting documents, requesting files and gathering information from clients.

It's the more productive alternative to email, online documents and shared folders. It keeps confidential documents out of email.

We take security seriously and it's our top priority to protect your organization and clients.

Content Snare uses modern industry standards and best practices for application security.

Trust Center

To provide complete transparency and assurance, you can view our security controls, policies, and compliance certifications in our Trust Center.

This centralized hub gives you real-time access to our security posture, including compliance with industry standards and our ongoing commitment to safeguarding your data.

You may also see uptime and reliability on our status page.

User Authentication

Logged in users can enable two-factor authentication (2FA) to strengthen account security and prevent unauthorized access. Account administrators also have the option of enforcing 2FA for all users within their organization, adding a layer of security before account access is granted.

Encryption

All data in transit is encrypted between source and destination using SSL/TLS with 2048-bit RSA keys. This covers traffic between the client application and the API server, and between the API server and the database. The database is also encrypted at rest.

In addition, all passwords are salted and hashed to protect against unauthorized access. Stored answers are encrypted separately, with a unique encryption key assigned to each company.

Data Centres

Our infrastructure is provided by Amazon Web Services (AWS), an industry standard in hosting. Like us, they treat security as a top priority. You can read about their visibility, control and permissions capabilities in AWS's own security documentation.

Network isolation

All network infrastructure, with the exception of the load balancer, resides within a virtual private subnet, so only the load balancer is Internet-facing.

The virtual private subnet ensures that the client application cannot communicate directly with the application server, database or storage servers, adding a further layer of defense.

All links to stored files are served using temporary, time-limited signatures, so a file can be accessed only indirectly and only after authentication.
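One way to implement such temporary signed links, as an added example that is not Content Snare's code: the server signs the file path together with an expiry timestamp using an HMAC key, and the verifier rejects any link that has expired or whose path or expiry has been altered. The signing key, file path and lifetime below are constructed values.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed signing key for this example; a real deployment would load a managed secret.
SIGNING_KEY = b"example-signing-key-not-for-production"


def _signature(path: str, expires: int, key: bytes) -> str:
    """HMAC-SHA256 over the file path and expiry time, URL-safe base64 without padding."""
    message = f"{path}\n{expires}".encode()
    digest = hmac.new(key, message, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def sign_file_link(path: str, ttl_seconds: int, key: bytes = SIGNING_KEY,
                   now: Optional[float] = None) -> str:
    """Issue a link to `path` valid for `ttl_seconds`; called only after the requesting
    user has been authenticated and authorized for that file."""
    now = time.time() if now is None else now
    expires = int(now) + ttl_seconds
    query = urlencode({"expires": expires, "sig": _signature(path, expires, key)})
    return f"{path}?{query}"


def verify_file_link(url: str, key: bytes = SIGNING_KEY,
                     now: Optional[float] = None) -> bool:
    """Accept the link only if it is unexpired and its signature matches path and expiry."""
    now = time.time() if now is None else now
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False          # malformed or missing parameters
    if now >= expires:
        return False          # link has expired
    # Constant-time comparison so timing does not leak how much of the signature matched.
    return hmac.compare_digest(_signature(parts.path, expires, key), sig)
```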

Firewalls

Firewalls sit between the Internet and the load balancer, and between the load balancer and the API server, creating a DMZ between the Internet and the virtual private subnet.

A further firewall sits between the API server and the database and file storage servers, so that only whitelisted IP addresses have direct access to them.

Middleware on the API server adds a further layer of protection through measures such as automated IP address throttling and temporary IP address blocklisting.

Authentication

All database read/write actions require authentication. Authentication is processed on the server during the login handshake, and a short-lived access token is issued to the client application for use on authenticated API requests. The access token is renewed regularly (at intervals of less than 5 minutes) to limit the window in which a stolen token remains usable.

Role-based authorization is also enforced by the API server on each request: only operations permitted for the user's role are processed. In addition, company-level checks ensure that a user from one company cannot read or write data belonging to another company.

To protect against common password attacks, the system maintains a real-time list of the most commonly used and compromised passwords. Users attempting to sign up or update their credentials with a weak password (such as password123) are required to choose a stronger one. This significantly reduces the risk of brute-force and credential-stuffing attacks.

Throttling

The system throttles repeated authentication failures to protect against brute-force attacks and unauthorized access attempts. Each incorrect password or PIN code attempt increases the delay before the next attempt is accepted, significantly slowing down guessing. If incorrect attempts continue, access to the account is temporarily blocked.

This measure is enforced per account rather than per IP address: even if an attacker spreads attempts across multiple devices, the system still detects and restricts repeated login attempts against the same account. This is especially important for PIN codes, whose small number of possible combinations could otherwise be exhausted by rapid guessing.
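The per-account escalating delay and temporary block described above, as an added example that is not Content Snare's code: the throttle is keyed by account name rather than client IP, doubles the wait after each failure, and blocks the account once a failure threshold is reached. The delay schedule, threshold and block length are constructed values, and the clock is injectable so the behaviour can be tested deterministically.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

# Policy values are constructed for this example, not Content Snare's real settings.
BASE_DELAY_SECONDS = 1.0       # delay imposed after the first failure, doubled each time
FAILURES_BEFORE_BLOCK = 6      # consecutive failures that trigger a temporary block
BLOCK_SECONDS = 15 * 60        # length of the temporary block


@dataclass
class AccountState:
    failures: int = 0
    next_allowed_at: float = 0.0   # earliest time at which the next attempt is evaluated
    blocked_until: float = 0.0     # non-zero while the account is temporarily blocked


class AccountThrottle:
    """Login throttle keyed by account, so attempts from many IPs share one budget."""

    def __init__(self, clock: Callable[[], float] = time.monotonic) -> None:
        self._clock = clock
        self._state: Dict[str, AccountState] = {}

    def check(self, account: str) -> Tuple[str, float]:
        """Return ('allowed' | 'wait' | 'blocked', seconds until the account is usable)."""
        now = self._clock()
        st = self._state.setdefault(account, AccountState())
        if st.blocked_until > now:
            return "blocked", st.blocked_until - now
        if st.next_allowed_at > now:
            return "wait", st.next_allowed_at - now
        return "allowed", 0.0

    def attempt(self, account: str, verify: Callable[[], bool]) -> str:
        """Gate one login; `verify` (the real credential check) runs only when allowed."""
        status, _ = self.check(account)
        if status != "allowed":
            return status
        now = self._clock()
        st = self._state[account]
        if verify():
            self._state.pop(account, None)   # success clears the failure history
            return "ok"
        st.failures += 1
        if st.failures >= FAILURES_BEFORE_BLOCK:
            st.blocked_until = now + BLOCK_SECONDS
            return "blocked"
        # Escalating delay between consecutive failures: 1s, 2s, 4s, 8s, ...
        st.next_allowed_at = now + BASE_DELAY_SECONDS * 2 ** (st.failures - 1)
        return "wrong"
```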

If an account is blocked after too many failed login attempts, we provide a secure method for users to regain access. Affected users must verify their identity with our support team, who guide them through reactivation to make sure the account remains in the rightful owner's hands.

Password Management

Passwords are never stored in plain text in the database. A unique salt and hash are stored for each user, so the compromise of one password does not allow other passwords to be recovered.

Passwords are never stored in any logs.

Development Framework

All server-side software is scanned continuously for known and 0-day security vulnerabilities in the frameworks and libraries it uses. Vulnerable libraries are replaced or patched to remove the vulnerabilities.

The latest framework versions are also used in both client and server applications, ensuring the latest security principles are adopted.

Staff Access

Employees and contractors use a password manager that enforces strong passwords. They are only authorized to access data that they need to carry out their duties.

Multi-factor authentication is enforced on all platforms that allow it.

For assistance in setting up accounts, you may grant our support staff access. This can only be granted by an administrator of your account, and can be revoked at any time.

Logging & Alerts

Content Snare is continuously monitored for downtime, errors and access. Logs are retained for analysis and debugging. Critical alerts are escalated to our engineering team immediately.

Backups & Disaster Recovery

Regular backups are distributed across several physical locations. Both files and database can be restored to a specific point in time over the last 14 days, or a full recovery can be initiated from a snapshot.

Our backup and recovery procedure ensures minimal disruption of service in the event of a total failure.

Data Protection & Privacy

We are committed to data protection regulatory requirements (such as GDPR) and to privacy.

Our privacy policy covers:

  • Your privacy rights
  • How we collect and use your personal data
  • Cookie policy

You can read about our data protection in our Privacy Policy, Data Processing Agreement and End-user License Agreement.

We actively monitor regulatory guidance changes to ensure we continue protecting your data.

Questions

If you have any questions, please contact us.
