Security
Your clients trust you with sensitive documents. Here's how Doxxiom keeps them safe.
Encryption everywhere
All data is transmitted over TLS/HTTPS. Files stored on our servers are encrypted at rest with AES-256 server-side encryption. Your documents are protected both in transit and at rest.
Private storage with signed URLs
Uploaded files are stored in a private bucket — they are never accessible via a public URL. When you or your client needs to download a file, Doxxiom generates a cryptographically signed, time-limited URL that expires after one hour. Even if a link is shared, it becomes useless once expired.
Row-level security
Access control is enforced at the database level using row-level security (RLS) policies. Professionals can only see their own clients, requests, and documents. Clients can only access the specific requests sent to them.
Passwordless authentication
Clients access the portal through magic links — single-use, time-limited authentication tokens sent to their email. No passwords to create, remember, or leak. Each link expires after one hour and can only be used once.
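The sketch below shows one way single-use, one-hour tokens of this kind can be issued and redeemed. It is an added example, not Doxxiom's code: `MagicLinkStore`, the in-memory table and the injected clock are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # one hour, the lifetime stated above


class MagicLinkStore:
    """Hypothetical in-memory stand-in for a token table."""

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable so expiry can be tested
        self._rows = {}      # token hash -> {"email", "expires_at", "used"}

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table cannot be replayed as links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, email):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(token)] = {
            "email": email,
            "expires_at": self._clock() + TOKEN_TTL_SECONDS,
            "used": False,
        }
        return token  # placed in the emailed link, never written to logs

    def redeem(self, token):
        """Return the email on success; None for unknown, expired or reused tokens."""
        row = self._rows.get(self._digest(token))
        if row is None:
            return None
        if row["used"] or self._clock() >= row["expires_at"]:
            return None
        # In a real database this check-and-mark must be one atomic UPDATE,
        # otherwise two concurrent requests could both redeem the same link.
        row["used"] = True
        return row["email"]


if __name__ == "__main__":
    store = MagicLinkStore()
    link_token = store.issue("client@example.com")  # constructed sample address
    print(store.redeem(link_token))  # first use succeeds
    print(store.redeem(link_token))  # second use is rejected
```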
Zero File Residency
For organizations that need an extra layer of control, Zero File Residency mode ensures that uploaded files are forwarded to your connected cloud storage and then permanently removed from Doxxiom servers. Only metadata is retained — we don't hold on to the actual documents.
Audit trail
Every action — document uploads, approvals, rejections, deletions, and configuration changes — is logged with a timestamp, actor, and description. You can export the full audit trail to CSV for compliance or record-keeping.
Infrastructure
Doxxiom runs on Vercel's edge network and Supabase's managed PostgreSQL and S3-compatible storage. Both platforms are SOC 2 Type II compliant. Data is hosted on AWS infrastructure.