← Back to Home

🛡️ Security at FatCat

How we protect your files, your data, and your privacy.

🔐 Encryption

In Transit

All data is encrypted with TLS 1.3 via Cloudflare. No unencrypted connections are accepted.

✓ Active

At Rest

Files stored on Cloudflare R2, Backblaze B2, or AWS S3 are encrypted with AES-256 by default.

✓ Active

🔒 Zero-Knowledge (BYOB Mode)

With our Bring Your Own Bucket plan, you provide your own S3/R2/B2 credentials. The FatCat desktop app uploads directly to your infrastructure.

FatCat servers never store or access your file content
Only metadata (filenames, sizes, timestamps) passes through our API
Your encryption keys stay on your infrastructure
Full audit trail via your cloud provider's logging

🇪🇺 GDPR & Privacy

FatCat is built with privacy by design. We process the minimum data necessary to deliver the service.

EU data processing via Cloudflare (EU endpoints available)
Data Processing Agreement (DPA) available on request
Right to access, delete, or export your data at any time
No tracking cookies — no consent banner needed

☁️ Infrastructure

FatCat relies on industry-leading cloud providers with their own compliance certifications:

Provider	Role	Certifications
Cloudflare R2	File storage & CDN	SOC 2, ISO 27001, PCI DSS
Hetzner Infrastructure	Native PostgreSQL DB	ISO 27001
Vercel	API & hosting	SOC 2 Type II
AWS SES	Transactional email	SOC 1/2/3, ISO 27001

📋 Vulnerability Disclosure

We believe in responsible disclosure. If you find a security vulnerability, please report it.

Report a vulnerability: Submit a security report →

We acknowledge reports within 48 hours. We will not take legal action against researchers who act in good faith. See our full Security Policy for scope and safe harbor details.

🏅 Compliance Roadmap

CSA STAR Level 1

Cloud Security Alliance self-assessment — Registered.

✓ Active

G2 Trusted Provider

Verified organic reviews from IT professionals.

★ Reviewed

SOC 2 Type I

Third-party audit planned for Q4 2026.

Planned Q4 2026

Last updated: March 2026