We protect your data.
And your company.

We know how critical data security is, and we go to great lengths to make sure that your business data is kept safe. From our secure FTP hosting with extensive customer-accessible security options to our fully redundant infrastructure, to our real-time backup system, you can rely on ExaVault to keep your data secure and your business running.

Start Your Free Trial

Physical Security

We use best-in-class carrier-grade data centers to house all your data, which are SOC 2 Type 1/2 Compliant and ISO 27001 Certified.

Firewall & Intrusion

We employ redundant firewalls and intrusion detection systems to keep your data safe.

Security Options

We offer numerous security controls in our software for both the web interface and S/FTP transfers – from complex password enforcement to accounts that automatically expire.

Audit & Control

All activity in every account is logged to an immutable log that can't be modified even by administrators.

Data Protection Is Our First Priority

Customer and User Security Options

It starts with you. Every account includes a number of security specific features that can be enabled, to help limit access to only authorized users.

Whether you transfer files via automated secure FTP connection or log in and download files through our secure web interface – you can lock your data down as much as you’d like.

  • Add IP address restrictions to allow connections from only those devices you specify.
  • Optional complex password enforcement keeps your users from creating accounts with easy-to-guess passwords.
  • Optional secure-only mode forces connections on secure file transfer protocols ( e.g. SFTP ) and disallows connections on legacy protocols such as FTP.
  • Home directories restrict your users to only the information you want them to see.
  • Shares and users can be set to expire on a certain date, to prevent future access.

File & Data Integrity

Keeping data safe, whether in transit or at rest, is critical to the smooth operation of your business file transfers. We back up data to servers in multiple locations in near-realtime, and have a number of features to ensure your files are transmitted safely and securely.

  • All files are backed up in realtime to our primary data center.
  • All data is backed up in near-realtime to our secondary disaster recovery data center.
  • Data is encrypted in transit via SFTP, FTPS or HTTPS (Unencrypted plain FTP is also available but can be disabled, only allowing secure file transfer protocol.)
  • All protocols support resume functionality if a file transfer is interrupted.

Computer & Network Security

We’ve gone to great lengths to design our platform with security as a core requirement. We run a custom built cloud infrastructure, which we fully control all the way down to the hardware level. We employ multiple firewalls, monitoring and intrusion detection systems, and isolate each customer’s data, all to keep your files safe & secure on our S/FTP servers.

  • ExaVault servers run only our data storage platform and keep a high security profile (minimum ports open, etc.)
  • Access to all equipment (servers, firewalls, etc.) is logged and monitored for intrusions or other anomalies.
  • Multi-layered set of monitoring and intrusion protection systems in place, including firewalls at the edge and internal controls on access to databases, customer data storage, and other key resources.
  • All encrypted traffic uses an SSL certificate with a 2048 bit private key, employing TLS v1.2.
  • Regular security audits are conducted by internal staff a third-party auditing firm.

Physical Security

ExaVault owns and physically controls all of our own infrastructure. All equipment and servers are housed in best-in-class carrier-grade data centers. Each data center is SOC 2 Type 1/2 Compliant and ISO 27001 Certified, and has a bevy of infrastructure and on-site security features.

  • Data center staff onsite 24/7/365.
  • Sign-in/sign-out required for all personnel.
  • CCTV / IP-DVR systems cover all aspects of each facility.
  • Four-factor biometric verification is required to access the data center floor.
  • Regular and randomized security patrols conducted.
  • Data centers are SOC 2 Type 1/2 Compliant and ISO 27001 Certified.
  • Data centers employ N+1 redundant electrical, mechanical, and life safety systems.

Uptime and Redundancy

File storage and transfer is only useful if it’s accessible. With this in mind, we’ve structured our secure FTP and file transfer service to maximize available uptime.

Our network and server infrastructure is fully redundant, from our incoming network feeds all the way down to data on disk. Our deployment processes allow upgrades to be performed with no downtime.

  • Redundancy at every level: firewall, network, application servers, database servers, storage layer, and more.
  • Secondary disaster recovery facility able to take over for a primary facility failure.
  • Software maintenance process is designed to allow for upgrades without downtime.
  • Disaster recovery plans are in place, reviewed, and updated regularly.
  • Third party monitoring for ExaVault services provided via Pingdom.

Audit & Control

Audit logs are critical for both informational and compliance purposes. ExaVault provides immutable audit logs for every transaction in your account, whether by your account administrator or a public-facing restricted user.

  • Every transaction by every user is recorded - upload, download, move, copy, rename, share, delete & more.
  • Audit logs are immutable. No one, including the account administrator, may change or delete them.
  • Search and filter capabilities provided to quickly find a transaction in question.


Building a secure system is only half the battle. Keeping it secure is equally important. ExaVault performs regular audits and trainings using internal and third-party tools to make sure our platform is secure.

  • Code audits on any new code to ensure security and compatibility.
  • Regular internal training on security best practices.
  • Regular infrastructure tests using internal and third-party tools to identify and patch vulnerabilities.
  • Third party testing performed monthly, with intensive testing performed annually.
  • Strong terms of service and data privacy policy, with customization available for enterprise clients.

GDPR Compliance

The European Union's GDPR (General Data Protection Regulation) affects every business processing data for customers in the EU & UK. ExaVault and its sub-processors are GDPR-compliant.

  • ExaVault is Privacy Shield certified, and we can lawfully collect, receive, and process personal data from the EU & UK.
  • ExaVault is committed to maintaining privacy and data security through privacy by design.
  • ExaVault regularly reviews and updates our internal processes, policies, and technical safeguards to ensure our ongoing compliance. For more information, see our GDPR page.