Security at Docuwi

Last updated: May 11, 2026

We build Docuwi so you can store and work with important documents with confidence. This page summarizes our security practices at a high level. It is not an exhaustive technical specification and may be updated as our infrastructure evolves.

Security principles

• Defense in depth: multiple layers of protection around accounts, data, and operations.
• Least privilege: access to production systems and customer data is limited to what is needed for legitimate work.
• Encryption: data is protected in transit and at rest using industry-standard algorithms and key management practices appropriate to our environment.

Account access and authentication

• Passwords and sign-in flows are designed using modern authentication practices.
• Multi-factor authentication (MFA) is available to add a second factor to your account. We strongly recommend enabling MFA.
• Session and token handling follow current best practices to reduce the risk of session hijacking.

Data protection

• In transit: communication between your browser or app and our services uses TLS (HTTPS) where applicable.
• At rest: stored content and backups are protected using encryption and access controls aligned with our cloud provider’s capabilities.
• Separation: customer data is logically separated within our systems; operational access is restricted and audited where tooling supports it.

Infrastructure and operations

• The Service runs on reputable cloud infrastructure with physical and network controls managed by our providers as part of their compliance programs.
• We apply patching and configuration hardening to reduce known vulnerabilities.
• Logging and monitoring help us detect anomalies and respond to incidents.
• Backups support resilience and recovery; backup data is also protected.

Product security features

Depending on your plan and configuration, the Service may include features such as:

• Role-based or account-level controls for sensitive actions.
• Optional sharing links with limited scope and lifetime, so you can collaborate without exposing your entire library.

Incident response

If we become aware of a security incident that affects your personal data, we will investigate, take steps to contain and remediate the issue, and notify affected users and regulators as required by applicable law.

Responsible disclosure

If you believe you have found a security vulnerability in Docuwi, please email [email protected] with a clear description and steps to reproduce. Do not perform testing that could harm other users or the stability of the Service (for example, no denial-of-service attacks without prior written agreement).

We appreciate coordinated disclosure and will work with you in good faith.

Your responsibilities

Security is shared. You can help by:

• Using a unique, strong password and enabling MFA.
• Keeping your devices and browsers updated.
• Not sharing your credentials or leaving sessions unlocked on shared computers.
• Reporting suspicious activity to [email protected].

More information

• Privacy Policy: how we collect and use personal data — see the Privacy page in the app or at https://docuwi.com/legal/privacy (or your deployment’s equivalent URL).
• Terms of Service: rules for using the Service.

Contact

Security questions: [email protected].