Security & privacy

How Stoatify protects your data

The security model in plain terms: proxied I/O, verified identity, and access control.

4 min read · Updated June 28, 2026


Privacy is the point of Stoatify, so security isn't a feature bolted on, it's the architecture. Here's the model in plain terms.

  • Proxied file I/O. Your browser never talks to storage directly. Every byte flows through the Stoatify API behind your login, there are no public buckets and no direct-to-storage links.
  • Encrypted in transit. All traffic is served over HTTPS, and your files are encrypted at rest by the storage provider.
  • Identity-verified requests. Every request carries a verified sign-in token; your identity is never taken from what the client claims.
  • Access control everywhere. Every query is scoped to your organization, and per-document restrictions are enforced on read, write, and delete. A document you can't see returns a plain "not found", so its existence isn't even revealed.

For previews and downloads, Stoatify mints signed, short-lived links so an image or a download can be authorized without exposing storage, and they stop working the instant a document is trashed. See How links stay secure.

Good to know

The server does read your documents, to extract text and render previews, so this is strong access control, not end-to-end encryption. See Encryption, explained.

Tip

For the full write-up, see the Security page on our main site.

Was this article helpful?

Ready to try it?

Open your vault and put this into practice.

Open app