Security Features

PowerFolder is an in-house solution and comes with a wide range of security features such as:

Industrial standard AES/RSA encrypted transfers between servers and clients
RSA device authentication and verification
SSL support for mobiles apps, web and WebDAV
The build in at-rest encryption uses cryptomator technology
Central user management
Multi tenant system to keep organisations separated on the same system
Built-in granular permission system
Password protected/centrally controlled access to preferences in the client
Password Protection on file links
Expire Dates on file links
Maximum number of downloads for file links
Admin-controlled remote deletion (Remote Wipe commando)
Build in file versioning for overwritten and deleted files
Protection against loss of data by human error

Protection against Cross-Site-Scripting (XSS) attacks
Protection against "man in the middle" attacks
Optional cloud-malware-protect (integration of Antivirus solutions directly with the server)
Online document editing service hosted on your own infrastructure

The solution is under continuous security review internally and by partners. The Dal33t GmbH is dedicated member of the TeleTrusT Initiative "IT Security made in Germany" (ITSMIG). If you have questions regarding the security in detail or need help with the setup please let us know.

Encrypted communication

Please see the diagram below to get a basic understanding of the architecture.

Overview:

Encrypted transfers

Data transfers between the desktop clients and the server are encrypted using latest AES/RSA encryption standards.

Data transfers between the mobile apps or a browser and the server are encrypted using SSL (a certificate must be installed on the server side).

Encrypted storage

In PowerFolder Cloud all data is stored encrypted at rest using AES.

If you want end-to-end encryption of stored data using PowerFolder client- and PowerFolder server-side,please use the following third-party tools, which work very well for increased security:

Boxcryptor
Cryptomator
VeraCrypt
Make sure to uncheck "Preserve modification timestamp of file containers" in the settings / preferences of VeraCrypt.

Privacy laws

PowerFolder / dal33t GmbH and all of its departments are located in Germany and the company has no branches outside the Federal Republic of Germany.
PowerFolder / dal33t GmbH has no investors which might be bound to any other laws than those of Germany and the European Union.

Therefore only the privacy laws of Germany and the European Union apply. Our Privacy Statement can be found here

Server location

The servers of the PowerFolder Cloud and the connected anti-malware and online editing solution (ONLYOFFICE) are hosted in Falkenstein.

The high security datacenter is ISO /IEC 27001:2013 certified and operated by the Hetzner Online GmbH.

Member of IT-Security made in Germany and EU

DIN ISO/IEC 27001 of our datacenter

Pentest Certificate