HIPAA-Compatible Security Options
To process sensitive data in a HIPAA-compatible manner, adjust the following settings:
- Enable Strict API Logs mode. On the Account Security page, switch to the API Logs tab and enable Strict API Logs mode. This sets PDF.co to automatically redact all input and output links and data from API logs.
- Restrict account access to your IP addresses only. On the Account Security page, switch to the IP Allowlist tab, enable and edit the IP Allowlist, and set the IP addresses of your application or server to limit access to your account from these IP addresses only.
- Encrypt your documents before sending them to PDF.co (using PDF encryption). To enable PDF.co to read your password-protected PDFs, set the `password` parameter to the PDF password (supported by almost all endpoints).
- Encrypt your files in your app with strong AES-256 encryption before sending them to PDF.co. To allow PDF.co to read strongly encrypted files, set user-controlled data decryption options via the `profiles` parameter, as described here.
- Configure PDF.co to encrypt output files with AES-256 encryption. To set PDF.co to encrypt output files, set user-controlled data encryption options via the `profiles` parameter, as described here.
- Set a faster expiration for output files. Set the `expiration` parameter to 1 (minute) or even less to ensure the file link is disabled within 1 minute. By default, files are removed in 60 minutes (1 hour).
- Alternatively, add code to your app to delete the output file via the API. Use the `file/delete` endpoint to forcibly remove the output file once it is no longer needed.
- Avoid using the `cache:` prefix with any input links, if applicable.
- Refrain from using links from Google Drive, Dropbox, or similar free services. Instead, utilize the built-in secure PDF.co files storage to store your input files, such as PDF templates and images. Files from this storage cannot be accessed outside the API.
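The request-level items in the list above can be checked in your application before a call is sent. The following is an added example, not PDF.co code: `audit_payload`, the `url` field name for the input link, and the host list are assumptions made for illustration, while `password`, `profiles`, `expiration` and the `cache:` prefix are the ones named above.

```python
from urllib.parse import urlparse

# Illustrative, non-exhaustive list of public file-sharing hosts (constructed).
PUBLIC_SHARE_HOSTS = ("drive.google.com", "docs.google.com", "dropbox.com")


def audit_payload(payload):
    """Return checklist findings for one request payload; [] means it passes."""
    findings = []

    # Output links should be disabled within 1 minute (the default is 60).
    expiration = payload.get("expiration")
    if expiration is None:
        findings.append("expiration not set: output kept for the 60-minute default")
    elif isinstance(expiration, bool) or not isinstance(expiration, (int, float)):
        findings.append(f"expiration={expiration!r}: must be a number of minutes")
    elif expiration > 1:
        findings.append(f"expiration={expiration}: set to 1 (minute) or less")

    # Encrypted input needs either the PDF password or decryption profiles.
    if not payload.get("password") and not payload.get("profiles"):
        findings.append("no password or profiles: input does not look encrypted")

    # Assumption: the input link is carried in a single "url" field.
    link = str(payload.get("url", "")).strip()
    if link.lower().startswith("cache:"):
        findings.append("cache: prefix used on the input link")
        link = link[len("cache:"):]
    host = (urlparse(link).hostname or "").lower()
    if any(host == h or host.endswith("." + h) for h in PUBLIC_SHARE_HOSTS):
        findings.append(f"input hosted on a public file-sharing service: {host}")
    return findings


# Constructed sample payloads (not real links or credentials).
RISKY = {"url": "cache:https://www.dropbox.com/s/example/report.pdf"}
HARDENED = {"url": "https://files.example.com/report.pdf",
            "password": "constructed-pdf-password", "expiration": 1}

if __name__ == "__main__":
    for name, payload in (("RISKY", RISKY), ("HARDENED", HARDENED)):
        print(name, audit_payload(payload) or "passes")
```
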
We also offer an on-premise version of the PDF.co API, which can be run on your own server with your local or private cloud storage. Contact us to request a quote.