GDPR-compliantfile transfer.No ifs or buts.
GDPR Art. 32 requires ‘state of the art.' SecureFiles meets it by default: encryption, integrity control, access control, logging. European hosting, EU jurisdiction, no CLOUD-Act exposure. For businesses that don't leave compliance to chance.
Four structural gaps that standard mail, WeTransfer, and US cloud solutions no longer close in 2026.
Unencrypted SMTP does not meet ‘state of the art.' With Art. 9 categories (health, religion, ethnicity) the violation becomes fineable.
The US CLOUD Act (2018) obliges US companies to disclose data regardless of storage location. Dropbox, Google, Microsoft, all affected. EU hosting alone doesn't protect.
GDPR Art. 17 requires the right to deletion. Without a retention policy and automatic deletion, every manual promise remains unprovable.
The Records of Processing Activities (ROPA) per Art. 30 needs provable log structures. Standard email doesn't provide them.
Accountable, traceable, erasable: SecureFiles meets Art. 32 GDPR via technical and organizational measures, documents downloads and uploads, deletes automatically after retention, and delivers a DPA, C5-aligned controls and audit exports.
Hosting exclusively in the EU, no US cloud intermediate layer.
DPA (GDPR Art. 28) and supplementary clauses prepared.
Audit log with downloads, uploads, IP hash and retention events.
Technical and organizational measures translated into concrete features.
TLS 1.3 during upload and download, AES-256 at rest. Optional client-side zero-knowledge, the operator cannot decrypt.
Data residency on ISO-27001-certified EU cloud infrastructure in the EU. Cloudflare DPA with EU standard clauses; no extraterritorial disclosure obligation.
Every transfer, every download, every policy violation in the central, exportable audit log. IP hashing protects log privacy.
Not as an add-on, included in every SecureFiles license.
Encryption, pseudonymization, integrity control, resilience, every technical and organizational measure mapped to concrete features.
Audit log, access control, incident response hooks, and retention cover the Art. 21 minimum requirements of the NIS-2 directive.
Ready-to-sign data processing agreement per GDPR Art. 28 on request, with subcontractor list and standard clauses.
Automatic deletion after configurable retention. Deletion is cryptographically effective, not just marker-based.
EU jurisdiction, the EU. No US parent as operating entity. DPA with subcontractors (Cloudflare) per EU standard clauses.
Per-tenant overview of all active transfers, retention settings, data subject rights management. Deletion requests processable by click.
Direct mapping of GDPR obligation to product feature.
SecureFiles | Typical US cloud service | |
|---|---|---|
| Encryption state of the art | TLS + AES-256 + optional E2E | Often TLS only, no E2E |
| EU jurisdiction | Yes, the EU | Often US provider |
| DPA available | Ready-to-sign template | Individually negotiable or missing |
| Audit log Art. 30 | Standard | Rudimentary or add-on |
| NIS-2 mapping | Documented | Not available |
| Retention control | Configurable per tenant | Mostly fixed, not steerable |
| CLOUD-Act exposure | None | Yes, even with EU hosting |
As of 2026. Comparison statements about third-party vendors are based on publicly available sources at publication time. Without warranty of continued accuracy.
DSGVO-konformer Dateiversand aus der EU, ohne CLOUD-Act-Risiko.
Modulare deutsche Alternative mit echtem Zero-Knowledge.
Sicherer Dateitransfer statt FTP — Outlook-Add-in, Audit-Log, NIS-2.
Dateien sicher empfangen — persönlicher Upload-Link für Externe.
Outlook-Anhang zu groß? Direkt aus Outlook verschlüsselt versenden.
Demo including DPA review. European hosting from day 1.
Retention periods configurable, enforced automatically instead of manually.