An honest approach to security and data protection is a top priority at fileee. In order to protect your data in the best possible way, we use a special form of encryption. You can read more about how this works in this article. We have tried to explain everything as simply as possible - even if it gets a bit technical in places.
We want to offer you the best possible product with extensive functionality. At the same time, fileee should be as secure as possible, because your sensitive documents are your business. Unfortunately, we cannot fully meet all security requirements. Perhaps you would like to have complete encryption on your devices. It would also be ideal if the data were encrypted on our servers in such a way that no one could do anything with them - not even us.Our encryption is the best compromise: the security is as high as possible, but we can still offer our service in the best possible way. In order for us to be able to show you important document information, we have to run our analysis on your documents. To do this, we need temporary access to your documents. Under 3. you will find out how uploading & analysing works. Your documents and the information are very large. In order for you to be able to work with them sensibly and access them quickly, we need high-speed encryption. Nevertheless, we want to ensure that only you have access to your uploaded documents. After the upload and after the analysis, even we at fileee cannot see your scans and the recognised text. We want to meet your high security standards. That is why we are constantly looking at how we can make our product more secure for you.
We have developed an innovative encryption that uses standardised procedures: a so-called hybrid encryption. This way, your documents are protected much more reliably than with conventional encryption. Hybrid encryption is a combination of asymmetric and symmetric encryption. For a better understanding, we explain all three here:
Symmetric encryption uses the same secret keys for encryption and decryption.
The advantage of symmetric encryption is that the procedure is very fast for large amounts of data. However, third parties can potentially gain access to the key and thus to your documents. Anyone who has access to the key can use it to read and write the encrypted data.
With asymmetric encryption, two keys exist: a private key - which only you have - and a public key - which you make available to the recipient. The recipient also has a key pair consisting of his private key - which only he has - and a public key - which he makes available to you. When you send data to the recipient, you use his public key to encrypt it and he uses his private key to decrypt it. If he sends you data, it is protected from unauthorised access with your public key. You use your private key to decrypt the data.
Asymmetric encryption is much more secure than symmetric encryption. It is much more difficult for third parties to intercept data because the private key is never given out and therefore cannot be intercepted. However, asymmetric encryptions require more computing capacity and are therefore slower.
Hybrid encryption is a combination of both types of encryption. With a hybrid method, encryption takes place in two steps. First, your data is encrypted. This is done symmetrically (see above). To protect the symmetric key from unauthorised access, the asymmetric (see above) encryption is used in the second step. Only those in possession of the private key (i.e. you) can then access the symmetric key and thus the encrypted data. In the following, we explain what this looks like with fileee and what the advantages are.
When you register with fileee, a fixed, secret key pair is generated especially for you, consisting of a so-called public key and a so-called private key. The public key is held by fileee. Only you have access to the private key. It is also stored on our servers, but is protected by your personal password. This means that we cannot access your private key either.
For each document you upload, a user-specific symmetric key is created. With the respective symmetric key, your documents, the recognised text and also the thumbnail of your scans are encrypted symmetrically (see above). The symmetric key is then encrypted asymmetrically (see above) with the public key.
The symmetric key can be decrypted with your private key. Only then can the symmetric key decrypt your documents again. These steps can only take place if you have logged into the browser with your password or if your smartphone sends a request.
Your documents and information are very large. So that you can work with them sensibly and access them quickly, we need high speed encryption. That's why symmetric encryption of your data is a good idea. If the symmetric key (which protects your documents) is encrypted asymmetrically, the computing power is much less important than if your documents are encrypted asymmetrically.
Access to your private key is password protected. Only you have your password. If you lose your password, all your documents and data are gone. In the beginning, all fileee users have the option to reset their own password. For this purpose, we save a copy of your private key so that we can access your key if you forget your password. After some time, we then offer two options to deal with your password. Either you retain the option to reset your password. fileee then has a backup copy of your private key in case of emergency. We would like to implement a procedure that ensures that we do not have access to your documents with the copy of your private key. For all those who are particularly concerned about security, we will offer an additional alternative in the future: resetting your password will then not be possible in principle. In the event of a lost password, however, your documents will still be inaccessible to you.
With fileee you do different things with your documents. You upload them, access them, make changes and share the documents. But how are your documents and data protected during all these processes? We'll explain that to you step by step.
For example, you have received your annual statement from the public utility company. After you have photographed your utility bill with the fileee app, you upload the scan to fileee. Our analysis then runs over the document so that you can search the text and important information can be displayed. What happens in the background? First, a symmetric key is created with which your document is encrypted. In order for the text recognition and analysis of fileee to run over your document, fileee receives a transition key. With this transition key, the analysis has temporary access to your scan. During the analysis, the document is decrypted. After the process is complete, the transition key is destroyed. From this moment on, fileee no longer has access to your documents. But what about the analysis results? In order for you to be able to search your documents and filter them according to the analysis results, they must be stored unencrypted on our servers.
If you want to view your statement from the public utility company in fileee, the following happens: The symmetric key can be decrypted with your private key. Only then can your document be decrypted again with the symmetric key. Because your private key is secured by your personal fileee password, you should generally do without helpful settings such as "remember password" or "stay logged in". Because anyone who has the password to your fileee account can access your documents.
When you share your utility bill with others, it can be done in two different ways. On the one hand, you can share your document publicly by sharing it with a friend or an authority via a link from fileee. Or you can share the document with another fileee user in the near future so that they can add the document to their account with one click. In both cases, the symmetric key is encrypted a second time. If you share your document publicly, a link is generated that you can send by email. Others can access your document via this link. Together with this link, a new public key is created with which the symmetric key can be decrypted. If you share your document with another fileee user, the symmetric key is copied and shared with the other fileee user. The symmetric key can then be decrypted with the private key of the other user. We are working on offering you even more security mechanisms in the future. Do you have any questions or suggestions? Write to us: support@fileee.com.
