Everything you need to evaluate DocFila for your team or your enterprise: certifications, sub-processors, system status, legal documents, and disclosures — all in one place.
Active audit. Latest report available to Business and Enterprise customers under NDA. Email security@docfila.com.
Standard Data Processing Addendum (Art. 28) included for every paid plan. EU representative under Art. 27 listed in DPA.
Business Associate Agreement available on request for Business; included by default for Enterprise. PHI workloads on isolated infrastructure.
Certification path scoped for the next 12 months. Controls already mapped to ISO 27001 Annex A.
We use a small number of carefully vetted sub-processors. The current list:
Compute, storage, KMS. US (default) and EU regions. SOC 2, ISO 27001, HIPAA-eligible services.
Authentication, real-time sync, hosting. Subset of GCP, same compliance posture.
Payment processing only. PCI-DSS Level 1.
Transactional email. SOC 2 Type II.
LLM inference for AI features. Zero-data-retention agreements in place. Customer data is never used for training.
Error tracking. PII scrubbed at SDK boundary; document content never sent.
Email us to subscribe to sub-processor change notifications (30-day notice for new additions).
Real-time service status and incident history at status.docfila.com.
99.9% uptime on Business; up to 99.99% on Enterprise. Service credits apply if the uptime commitment is breached, per the MSA.
Active-active across multiple GCP regions. Encrypted backups in a secondary region with RPO < 5 min, RTO < 1 hr.
Quarterly disaster-recovery drills with full failover testing.
Your documents are never used to train models. Period.
US (default) or EU (Frankfurt + Belgium) on Business and Enterprise plans. Pinned per workspace.
Export everything — documents, metadata, signatures, audit logs — in standard formats at any time.
Hard-delete on request within 30 days. Cryptographic erasure of encrypted backups via key destruction.