Our layered approach to security keeps your documents safe. Expertly designed systems, application features, and controls work together to safeguard your information. Each layer builds on the next, ensuring your virtual data room is a secure environment.
Your documents are the valuable assets that our security model is built to protect. Our data room functionality allows you to monitor, control, and remove access to any document from any user, at any time.
Control who can see each document, how they can access it, and for how long.
Utilize advanced digital rights management (DRM) to protect documents and avoid offline leaks.
Designate documents that users can only view from a specific IP address and computer.
Remove access to a file remotely in an instant.
Set time limits on how long a confidential document is viewable, no matter where it goes.
Protect personally identifiable information prior to sharing a file with external parties, as required by GDPR in Europe and PIPEDA, PIPA, and HIPAA in North America. Learn more
Our user permissions enable you to control your data room access at a granular level — from site, to project, down to the folder, and even document level. Let the data room handle authentication, notifications, and monitoring for you.
Add users, set their access levels, and make sure they can only see the documents you want them to see.
Ensure users can only access the VDR from specific IP addresses.
Set the number of password attempts before a user is locked out, see reports that show incorrect logins, and prompt users to change their password after a determined number of attempts.
Reduce the risk of password theft by requiring users and administrators to login with two factors, such as a password plus a unique one-time pin (OTP).
Enable SSO to integrate a data room login with an existing identity provider for maximized user security.
The virtual data room is where documents and users interact. As a secure environment, it makes sure that each one of your documents is available to each of your authorized users, while protecting against unwanted third parties.
Gain insight by monitoring when each user logs on to the data room, which files they access, and how much time they spend with documents.
Maintain peace of mind with automatic backups of your data. Our data rooms are redundantly replicated on devices across multiple facilities in an Amazon S3 region.
Rely on our tested systems. An independent third party conducts annual penetration testing to audit our internal secure development practices.
Trust our regular automatic scans that detect any possible vulnerabilities and alert us immediately in the event that we need to remediate them. This proactive monitoring is constantly updated with the latest reported threat definitions to detect systems, services, and applications that may be vulnerable. Learn how to safely report a suspect vulnerability by reviewing our Vulnerability Disclosure Policy.
Adhere to the highest data protection standards with our maintained A+ score on ssllabs.com. Data transmission over the public internet is encrypted using a TLS (TLS 1.3) connection to ensure the confidentiality and integrity of the data uploaded. Data at rest is stored in Amazon S3, which utilizes AWS-KMS managed keys.
Select the appropriate option for your organization from our three document retention policies available to subscription clients. The policies govern the period of time that deleted documents will be retained and recoverable before being permanently deleted from the data room and provide options to best fit your data security, error-mitigation, and document retention obligation needs.
Everything relating to your virtual data room — from the way the bytes in your document are delivered to you, to the way Firmex employees are logged when speaking to your users — is compliant with major standards and protocols. There are many parts to our extensive security ecosystem.
We are compliant with SOC standards for the secure handling of information within a service organization. Specifically, Firmex adheres to SOC 2 trust services criteria of security, availability, and confidentiality, which require that the system is protected against unauthorized access, use, or modification, and is available for operation and use as committed or agreed. Our controls and procedures are audited annually by SOC auditors.
We are compliant with the EU and UK General Data Protection Regulation (GDPR) Requirements for Data Processors. Firmex offers its customers a choice of three locations to store document data: EU (Germany), Canada, and the U.S. Metadata and user information is stored in Canada. The European Commission has determined that Canada is a safe place to store Personal Data under article 45 of Regulation (EU) 2016/679. No document data is transferred to the U.S. unless chosen as the document storage location. Learn more about how Firmex protects your data to comply with GDPR and other privacy regulations in our privacy notice here.
We are compliant with the Health Insurance Portability and Accountability Act of 1966, requiring multiple technical, physical, and administrative safeguards. Our compliance is verified at the highest levels of HIPAA’s privacy, security, and breach notification assessments. Please click here to find out more and see our HIPAA certificate.
Firmex Toronto
110 Spadina Avenue, Suite 700
Toronto, ON, Canada M5V 2K4
Firmex London
The Leather Market
11-13 Weston Street, Unit 12G2
London, England SE1 3ER
Firmex Costa Rica
Building C14, 4th Floor,
America Free Zone
San Francisco, Heredia
Costa Rica, 40103
N. America +1.888.688.4042
Europe +44 (0) 20.3371.8476
International +1.416.840.4241
Australia +61.180.087.9509