How FaxSeal protects your data

All data transmitted between your browser and FaxSeal is encrypted via TLS 1.2 or higher. Fax transmissions over the PSTN are handled by SignalWire using industry-standard protocols. Database connections use SSL.

Documents and fax job records are stored on Cloudflare R2 (US infrastructure) with server-side encryption. No document content is stored in the relational database — only metadata (recipient number, status, timestamps).

Uploaded PDF files are automatically deleted within 7 days of fax delivery, failure, or expiry. Guest signed PDFs are deleted within 72 hours. Signed PDFs saved to your account are retained until you delete them. Fax job records (metadata only — no document content) are retained for 90 days for support purposes, then permanently deleted. Account holders can request immediate deletion by emailing [email protected].

FaxSeal is hosted on Railway (US-based servers). Document storage uses Cloudflare R2 (US region). Fax transmission is handled by SignalWire (US-based telco infrastructure). No customer data is transferred outside the United States as part of normal operations.

FaxSeal never stores payment card data. All payment processing is handled by Stripe under PCI-DSS Level 1 compliance — the highest level of payment security certification. FaxSeal receives only a tokenized reference, never raw card details.

User sessions use secure, httpOnly cookies. API tokens are scoped per account and can be revoked at any time from the dashboard. Admin access is role-gated. Passwords are never stored — authentication uses email magic links or Google OAuth.

Every fax transmission generates an immutable job record with sender, recipient, timestamp, page count, status, and delivery confirmation. Certified delivery receipts include a SHA-256 hash of the transmitted document, providing tamper-evident proof of content integrity. Account holders can export their full fax history at any time.

FaxSeal does not use advertising cookies, tracking pixels, or third-party analytics. We do not sell, rent, or share customer data with third parties for marketing purposes. No behavioral profiling is performed.

All webhook endpoints use HMAC signature verification (SHA-256 for Mailgun, SHA-1 for SignalWire, SHA-256 for Stripe). Inbound requests are validated for timestamp freshness and replay attacks. Scanner and exploit-path blocking is applied at the edge via middleware. Rate limiting is enforced on all public endpoints.

FaxSeal is deployed on Railway Pro with automatic restarts and health monitoring. The application uses a PostgreSQL database with connection pooling via PgBouncer for reliability under load. Fax jobs are queued durably and survive application restarts.