Security
FileDigest security overview for private uploads, Modal Docling processing, signed downloads, plan limits, and operational controls.
FileDigest is designed as a private document-preparation layer before AI work. It does not expose the processing engine key to browsers and it keeps public marketing pages separate from private dashboard artifacts.
Last updated: April 29, 2026.
In plain English: uploads are handled through private storage, processing runs server-side, and completed outputs are delivered through signed downloads after ownership checks. FileDigest prepares documents for AI; it is not a public file host.
Processing model
- browsers upload files to private storage paths
- server routes register the job and enforce plan limits
- Modal runs the Docling processing engine
- generated digest.md and manifest.json files are stored under user-owned job paths
- downloads require authenticated ownership checks and signed URLs
Access controls
Dashboard jobs and artifacts require a signed-in user. The download route checks job ownership before redirecting to a short-lived signed URL. Admin routes are separate from user dashboard routes and are marked noindex.
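The download flow described above, sketched as an added example that is not FileDigest's own code. An HMAC over path and expiry stands in for the storage provider's signed-URL mechanism; the job table, path layout, 60-second lifetime and all function names are assumptions.

```javascript
// Added illustration; not FileDigest code. All names, paths and the key are hypothetical.
const crypto = require("node:crypto");

const SIGNING_KEY = crypto.randomBytes(32); // server-side only, never sent to the browser
const TTL_SECONDS = 60;                     // assumed lifetime for a "short-lived" URL

// Constructed sample job table: job id -> owner and user-owned artifact prefix.
const JOBS = new Map([
  ["job-1", { ownerId: "user-a", prefix: "users/user-a/jobs/job-1" }],
]);
const ARTIFACTS = new Set(["digest.md", "manifest.json"]);

function sign(path, expires) {
  return crypto.createHmac("sha256", SIGNING_KEY).update(`${path}\n${expires}`).digest("hex");
}

// Download route: authenticate, check ownership, then redirect to a signed URL.
function handleDownload(session, jobId, file, now = Math.floor(Date.now() / 1000)) {
  if (!session || !session.userId) return { status: 401 };
  const job = JOBS.get(jobId);
  // Same 404 for "no such job" and "not your job", so job ids cannot be probed.
  if (!job || job.ownerId !== session.userId) return { status: 404 };
  if (!ARTIFACTS.has(file)) return { status: 404 }; // allow-list rejects arbitrary paths
  const path = `${job.prefix}/${file}`;
  const expires = now + TTL_SECONDS;
  return { status: 302, location: `/storage/${path}?expires=${expires}&sig=${sign(path, expires)}` };
}

// Storage side: accept only an unexpired URL whose signature matches path and expiry.
function verifySignedUrl(url, now = Math.floor(Date.now() / 1000)) {
  const u = new URL(url, "https://storage.invalid");
  const path = decodeURIComponent(u.pathname).replace(/^\/storage\//, "");
  const expires = Number(u.searchParams.get("expires"));
  const sig = Buffer.from(u.searchParams.get("sig") || "", "hex");
  if (!Number.isInteger(expires) || now > expires) return false;
  const expected = Buffer.from(sign(path, expires), "hex");
  return sig.length === expected.length && crypto.timingSafeEqual(sig, expected);
}
```

Because the signature covers both the path and the expiry, a URL issued for one artifact cannot be edited to fetch another or to extend its lifetime.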
Data handling
Uploaded source files and generated outputs are used to provide the document-preparation service. FileDigest does not intentionally use customer documents to train AI models. Retention is plan-based: Free artifacts are short-lived, paid plans retain outputs longer, and custom retention is handled by request.
Secrets
The Modal engine API key stays server-side. Stripe, Supabase, Modal, Resend, and Sentry credentials are configured through environment variables and are not intentionally exposed to client bundles.
Limits
FileDigest enforces file count, job size, OCR access, output-token estimates, monthly token quotas, and artifact retention by plan before expensive processing starts.
Current scope
FileDigest is an early product. Custom DPA, SSO, dedicated regions, custom retention, formal SLA terms, and subprocessor-change notices are available only by request.