Security Architecture

How we protect sensitive document collection.

Google Identity & 2FA

FileCheck's authorisation system is built on Google Identity Platform, providing secure login and identity management for all users. Business accounts are protected with authenticator-app two-factor authentication, adding a strong second layer of account security beyond passwords alone.

Time-Limited Secure Links

Client access links are securely signed, time-limited, and tied to the intended recipient and application context. Access is verified server-side before any client session is established, and client sessions are restricted in scope so they apply only to the relevant application.

Cloud Infrastructure & Compliance

Files are uploaded directly into Google Cloud infrastructure and are protected both in transit and at rest using Google's default encryption controls. The platform operates within Google Cloud's audited compliance environment, including ISO 27001/27017/27018, SOC 1/2/3, and PCI DSS. Data is hosted in Australia.

Shielded Storage Architecture

Client documents stored in cloud storage are not directly accessible by path alone. Access is mediated through backend authorization checks, and only short-lived file access links are issued when a user is permitted to view a specific document. Sensitive documents are stored separately from permissions and workflow data, so client information is not kept together as a single complete record in one place. This separation reduces exposure and supports tighter access control boundaries across the system.

Abuse Protections & Visibility

Access to sensitive document viewing and downloading is subject to daily limits appropriate for normal business use. Additional abuse protections and rate limiting help reduce automated misuse and suspicious activity. Access to documents and key client actions can be logged, providing a traceable record of important activity. Users are limited to the businesses, applications, and documents their role specifically allows, supporting a least-privilege access model.

Google App Check Verification

Backend services are further protected by Google App Check, helping ensure that sensitive functions are called only from trusted instances of the application rather than from unauthorized or automated clients.

Session Management & Regional Control

Client sessions are temporary and limited to the specific application they were created for. Access can also be cut off automatically when an application is completed or closed, or when a session or access link expires. Sign-up access is regionally controlled by default and can be extended only through secure invitation flows. This helps reduce unauthorized registration attempts while still allowing invited users to onboard in a controlled way.

A Materially Safer Approach

The platform is designed to be materially safer than collecting documents through email attachments. Instead of documents being copied, forwarded, and stored across multiple inboxes and devices, they are uploaded into a controlled, access-restricted, time-limited, and auditable system. Together, these safeguards create a secure document collection environment that offers significantly stronger control and visibility than traditional email-based exchange.

Why Authenticator is considered the strongest form of 2FA

Authenticator apps are widely considered the gold standard for personal and business security because they eliminate the "telecom link" in your security chain. Unlike SMS, which transmits sensitive codes over unencrypted cellular networks vulnerable to SIM swapping and interception (like the 2024 Salt Typhoon breach), an authenticator app generates Time-Based One-Time Passwords (TOTP) locally on your device's hardware. This means even if a hacker hijacks your phone number through your carrier, they still cannot access your accounts because the "secret key" used to generate your codes never leaves your physical MacBook or phone.

Furthermore, authenticator apps provide a level of reliability and privacy that SMS cannot match. Because the codes are generated mathematically using the current time and a shared secret, they work perfectly offline—whether you’re in a basement with no signal or on an international flight—without the latency or "delivery failed" issues common with international SMS gateways. For a developer or business owner managing multiple entities, this method also protects your privacy by ensuring you don't have to share your personal mobile number with every service you use, effectively closing a common vector for tracking and social engineering.

Client Tokens

The client links use HMAC-SHA256 cryptographic signing, which means each token is signed with a server-only secret so any change to the token contents invalidates it immediately. The payload is also time-limited and validated server-side before access is granted.
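To make the HMAC-SHA256 signing, expiry and application binding concrete, here is an added example of a signed client-link token (illustrative code, not FileCheck's implementation). The payload field names `sub`, `app`, `iat` and `exp` and the secret value are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_link_token(secret: bytes, client_id: str, application_id: str,
                    ttl_seconds: int, now=None) -> str:
    """Bind the link to one recipient and one application, stamp an expiry, and
    sign the encoded payload with the server-only secret."""
    issued = int(time.time() if now is None else now)
    payload = {"sub": client_id, "app": application_id,
               "iat": issued, "exp": issued + ttl_seconds}
    body = _b64u(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64u(hmac.new(secret, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_link_token(secret: bytes, token: str, expected_app: str, now=None):
    """Server-side check run before any client session is created. Returns the
    payload on success, None on any failure. Signature is checked first, in
    constant time, so a tampered payload is never even parsed."""
    try:
        body, sig = token.split(".", 1)
        expected_sig = hmac.new(secret, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, _b64u_decode(sig)):
            return None                       # contents altered or wrong secret
        payload = json.loads(_b64u_decode(body))
    except (ValueError, UnicodeDecodeError):
        return None                           # malformed token
    current = time.time() if now is None else now
    if payload.get("exp", 0) <= current:
        return None                           # link has expired
    if payload.get("app") != expected_app:
        return None                           # link scoped to a different application
    return payload
```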

Safer than Email

This architecture is materially safer than collecting documents through email attachments because access is controlled at every step, rather than relying on documents being forwarded, downloaded, and stored across multiple inboxes and devices. Clients upload into a restricted system using signed, time-limited links, and staff access is governed by authenticated roles and server-side checks instead of whoever happens to possess an email thread.

It is also safer because the documents are not simply attached to messages and copied around indefinitely. Files are stored in locked-down cloud storage, metadata and permissions are kept separately, and file access is issued only when specifically authorized, using short-lived access tokens. That sharply reduces the risk of uncontrolled duplication, accidental forwarding, and long-term exposure through old email archives.

The platform also provides much stronger visibility and control than email. Access can be revoked, links can expire, sessions can be restricted, activity can be logged, and records can be tied to a single business and application context. With email attachments, once a document is sent, control is largely lost; with this architecture, access remains managed, time-bound, and auditable throughout the document collection process.

For more information on how FileCheck keeps your information secure, contact support@filecheck.com.au