Who can access the pdf-temp-files
storage, and how long are files stored in it?
The pdf-temp-files
storage is a private Amazon S3 bucket that utilizes strong industry-standard encryption at rest. Uploaded and output files are temporarily stored in this bucket under highly randomized names generated using a secure random generator. Each file is set to expire in 60
minutes by default and is automatically deleted permanently from the bucket upon expiration. Depending on your subscription plan, you may increase the expiration timeout from 5
minutes to 1440
minutes (1,440 minutes = 24 hours) using the expiration
parameter. You may also remove a file directly using the file/delete
endpoint at any time.
Since the pdf-temp-files
storage is a private bucket, files are accessed via a special "signed" link using the Amazon AWS powered signed links mechanism. This mechanism provides an additional layer of security when accessing the file.
The pdf-temp-files
bucket is not included in any backups. Only our engineers have temporary access to this bucket, and 2FA is enforced and required for access. Each access session to the storage is automatically logged, and information about the files' relation to a specific user is stored separately in a different database.
For additional encryption of the file content, you may utilize user-controlled encryption. This feature provides a way to encrypt output file content with your own encryption option using industry-standard AES encryption, which is supported by all platforms, including Salesforce and others.