Security Information
- Bernhard Rutkowsky (Unlicensed)
- Christian Sprajc
- Daniel Maletz (Unlicensed)
- Florian Lahr (Unlicensed)
Security Features
PowerFolder is an in-house solution and comes with a wide range of security features such as:
- Industrial standard AES/RSA encrypted transfers between servers and clients
- RSA device authentication and verification
- SSL support for mobiles apps, web and WebDAV
- The build in at-rest encryption uses cryptomator technology
- Central user management
- Multi tenant system to keep organisations separated on the same system
- Built-in granular permission system
- Password protected/centrally controlled access to preferences in the client
- Password Protection on file links
- Expire Dates on file links
- Maximum number of downloads for file links
- Admin-controlled remote deletion (Remote Wipe commando)
- Build in file versioning for overwritten and deleted files
- Protection against loss of data by human error
- Protection against Cross-Site-Scripting (XSS) attacks
- Protection against "man in the middle" attacks
- Optional cloud-malware-protect (integration of Antivirus solutions directly with the server)
- Online document editing service hosted on your own infrastructure
The solution is under continuous security review internally and by partners. The Dal33t GmbH is dedicated member of the TeleTrusT Initiative "IT Security made in Germany" (ITSMIG). If you have questions regarding the security in detail or need help with the setup please let us know.
Encrypted communication
Please see the diagram below to get a basic understanding of the architecture.
Encrypted transfers
Data transfers between the desktop clients and the server are encrypted using latest AES/RSA encryption standards.
Data transfers between the mobile apps or a browser and the server are encrypted using SSL (a certificate must be installed on the server side).
Encrypted storage
In PowerFolder Cloud all data is stored encrypted at rest using AES.
If you want end-to-end encryption of stored data using PowerFolder client- and PowerFolder server-side,please use the following third-party tools, which work very well for increased security:
- Boxcryptor
- Cryptomator
- VeraCrypt
Make sure to uncheck "Preserve modification timestamp of file containers" in the settings / preferences of VeraCrypt.
Privacy laws
- PowerFolder / dal33t GmbH and all of its departments are located in Germany and the company has no branches outside the Federal Republic of Germany.
- PowerFolder / dal33t GmbH has no investors which might be bound to any other laws than those of Germany and the European Union.
Therefore only the privacy laws of Germany and the European Union apply. Our Privacy Statement can be found here
Server location
The servers of the PowerFolder Cloud and the connected anti-malware and online editing solution (ONLYOFFICE) are hosted in Falkenstein.
The high security datacenter is ISO /IEC 27001:2013 certified and operated by the Hetzner Online GmbH.
Member of IT-Security made in Germany and EU
Pentest Certificate
