
Security

FileCap provides the most secure service possible by taking responsibility for the security of systems, communications, and data throughout the entire chain. Our vision and measures are set forth in the information security policy of Contec B.V. (the developer of FileCap), which was drafted in accordance with the international standard ISO 27001:2022.

FileCap Security

FileCap is designed to securely exchange emails and files—within Outlook, Microsoft 365, and the web portal. With FileCap, you can customize security settings to align with your own policies:

  • Unique user accounts that allow messages, invitations, and transfers to be traced back to individual users.
  • Four verification methods for recipients: password, code via email, code via text message, or a company password. A second verification step can be added for extra security when handling sensitive information.
  • Multi-factor authentication (MFA / 2FA) for administrators.
  • Centralized management of retention periods and download limits per message.
  • Ability to recall sent emails and files.
  • Passwords are stored in hashed form using the PBKDF2 key derivation function.
  • Files and messages are stored at rest using AES-256 encryption; communication between add-ins, the web portal, and the backend takes place over TLS 1.3.

In developing and managing FileCap, we follow recognized best practices, including:

ISO 27001 / ISO 27002: the international standard for information security management systems. Contec has been ISO 27001 certified since July 7, 2020; since 2025, we have been certified to the ISO 27001:2022 standard.

NCSC ICT security guidelines for web applications: the guidelines from the National Cyber Security Center serve as a reference framework for our development and management processes.

OWASP Top 10: the ten biggest security risks for web applications identified by the Open Web Application Security Project are incorporated into development, code review, and testing.

Secure Software Development Lifecycle: Security is embedded in our development processes—from design and code review to release and patch management. Administrators can schedule updates to the FileCap server or apply them immediately.

Hosting and data center location

The FileCap SaaS environments are hosted entirely within the European Union. We currently use two EU hosting platforms:

  • Scaleway, a European (French) cloud provider, where new and migrated FileCap environments are hosted. Scaleway is FileCap’s strategic choice, partly with a view to European sovereignty and compliance.
  • Amazon Web Services (AWS) — EU regions, where some of our existing SaaS customers are currently hosted. These environments are hosted exclusively in EU data centers; data from these customers is not processed outside the EU. The migration of these customers to Scaleway will take place in phases throughout 2026.

Regardless of the underlying platform, your data will not leave Europe and will not be used for AI training or marketing purposes. Upon request, we will let you know which platform your specific FileCap environment is running on.

Access to our systems

Access to your FileCap environment is only possible with a valid account, a strong password, and—for administrators—multi-factor authentication. Your data is always transmitted over an SSL/TLS-encrypted connection.

After logging in, you will have access to only the features you are authorized to use. Based on their roles, administrators, end users, and recipients can be assigned different permissions and authentication requirements.

Administrator accounts and privileged access

In line with zero-trust principles, administrator access is being further secured:

  • Administrators and end users are managed in separate contexts; an administrator account is not used for regular email or file transfer activities.
  • IP restrictions on the admin panel: You can configure subnet or IP whitelists so that the admin panel can only be accessed from trusted networks.
  • MFA / 2FA is available and recommended for every administrator account.
  • An audit trail records administrative actions in the FileCap server logs, including both backend operations and actions on the underlying infrastructure.
  • For MSP environments, you can configure access to the customer portal on a per-portal basis; this ensures that access is explicitly and verifiably controlled.
  • The FileCap SaaS platform is actively and continuously monitored to ensure the security of customer data.

Managing Security Incidents

We ensure strict compliance with our security measures. Any deviations are detected, investigated, and classified. Based on incidents and the records kept, we implement additional security measures. Customers are notified in accordance with the GDPR and applicable legal reporting requirements if they are affected.

Vulnerability reports

FileCap takes the security of customer data and the safe use of our SaaS solution extremely seriously and actively monitors these aspects. To enable users of our systems to actively contribute to this, you can report any instances of misuse or suspected security vulnerabilities directly to our security team at security@filecap.com.


We ask that you always contact us directly if you suspect any vulnerabilities. We strongly advise against reporting or disclosing information via social media in order to minimize potential risks to those involved.

Certification and assessment

The quality, security, and privacy of FileCap are demonstrated through certifications and regular audits.

ISO 27001:2022 certificate

Contec B.V., the provider of FileCap, has been certified to the international ISO 27001 standard for Information Security Management Systems (ISMS) since April 1, 2021. View Contec B.V.’s ISO 27001 certificate.

GDPR

FileCap complies with the General Data Protection Regulation (GDPR). View Contec B.V.'s privacy statement (PDF).

Connection to NIS2

FileCap meets the requirements set forth in the NIS2 Directive on cyber resilience. The combination of AES 256 encryption, TLS 1.3, MFA, DLP via Business Rules, and a verifiable audit trail supports customers in their own compliance efforts. If your organization is not directly subject to NIS2, FileCap helps you serve as a secure building block in the supply chain for customers who are subject to NIS2.

DORA - third-party provider of IT services

Regulation (EU) 2022/2554 (the Digital Operational Resilience Act, "DORA") has applied to financial entities in the EU since January 17, 2025, and sets out legal requirements for information security and the management of ICT risks, including where these risks lie with third-party providers.

If your organization is a financial entity as defined by DORA—such as a credit institution, investment firm, payment institution, insurer, insurance intermediary, pension institution, management company, or similar entity—FileCap may qualify as a third-party IT service provider for you.

FileCap supports you in this as follows:

  • DORA Addendum to Your IT Contract. Do you feel that your existing agreement does not adequately address the DORA baseline requirements? Upon request, FileCap will work with you to draft a DORA addendum that can be added to your existing agreement.
  • Information Register (Article 28(3) of DORA). Upon request, we will provide you with the information you need to include FileCap as a third-party provider in your information register of ICT contracts. De Nederlandsche Bank (DNB) and the Netherlands Authority for the Financial Markets (AFM) have actively requested the submission of this information by 2026. FileCap does not have an LEI number, as this is not legally required for IT suppliers outside the core financial sector; we can provide you with our Chamber of Commerce registration details and other identifying information.
  • Management and accountability for IT risks. AES 256 encryption, TLS 1.3, MFA, IP restrictions, audit trails, regularly tested backups, vulnerability scans, and the ISO 27001-certified ISMS align with the DORA measures for the protection, detection, containment, recovery, and remediation of IT incidents.
  • The underlying hosting providers are certified themselves. The EU hosting platforms on which FileCap runs comply with recognized information security standards:
    • Scaleway is certified to ISO/IEC 27001:2022 and holds French HDS certification (Hébergeur de Données de Santé) for hosting healthcare data; in addition, Scaleway is currently undergoing the qualification process for SecNumCloud.
    • AWS holds certifications including ISO/IEC 27001, ISO/IEC 27017 (cloud security), ISO/IEC 27018 (privacy in the cloud), and SOC 1/2/3 reports. AWS environments for FileCap run in EU regions.

Upon request, we will provide the relevant supplier declarations so that you can include them in your own DORA information register and risk assessment.

  • No client decryption keys are stored on the platform. FileCap does not store client decryption keys; this ensures confidentiality when used by financial institutions.

Please note that the accountability under DORA remains with you as a financial entity: you remain fully responsible for compliance with DORA and applicable financial law. FileCap does not provide legal advice; for implementation questions, we refer you to your own legal counsel or the relevant supervisory authorities (in the Netherlands, the AFM and DNB; at the European level, the EBA, EIOPA, ESMA, and—for systemic risks—the ESRB).

Would you like to receive our brief explanation of DORA in relation to FileCap, or discuss a DORA addendum? Please contact us at security@filecap.com.

WCAG 2.0

FileCap complies with WCAG 2.0 for digital accessibility.

Penetration testing and vulnerability assessment

The FileCap infrastructure and software are assessed for vulnerabilities whenever significant functional or technical changes are made. We conduct this assessment in-house, followed by the classification and follow-up of findings.

In addition, we continuously use external scanning tools to check for vulnerabilities in the FileCap environment and its underlying components. Any vulnerabilities found are actively tracked and—depending on their impact—resolved or mitigated, and patches and updates are applied according to an established release process. In response to ad hoc requests from customers, we facilitate—in consultation—penetration tests on their own FileCap environment.

Continuity

Hosting and Redundancy

FileCap SaaS environments run on cloud infrastructure designed for high availability, either on Scaleway or in AWS EU regions. This ensures that, in the event of a component failure, service can continue without interruption for the end user.

Backups

To safeguard data and configurations, backups are performed periodically. Administrators can request a backup of their environment. The restore functionality, which is available only to authorized FileCap personnel, is used to restore backups.


Our recovery procedures are tested on a regular basis. Findings are classified and followed up; to date, these tests have not revealed any major issues. The backup system is intended for disaster recovery, not for archiving individual customers’ data.

Backups of the SaaS platforms are stored in the Netherlands, with at least one copy always stored off-site.

Emergencies and Suppliers

Our business continuity planning focuses on both the SaaS environment and the support provided by our support team. We have established contractual agreements with our suppliers—including Scaleway and AWS (EU) as hosting partners and our SMS provider—regarding availability, security, and data protection.

Division of Responsibilities (FileCap SaaS)

FileCap is provided as a SaaS service. Responsibility for security and compliance is shared:

FileCap / Contec is responsible for:

  • design, development, and maintenance of the FileCap application;
  • hosting the SaaS environment within the EU on Scaleway or in AWS EU regions, including redundancy, monitoring, and backup;
  • patching and updates for the FileCap platform;
  • data security at rest (AES 256) and in transit (TLS 1.3);
  • platform access control and logging;
  • management of the ISMS in accordance with ISO 27001:2022.

The customer is responsible for:

  • setting up and managing your own FileCap users, roles, and permissions;
  • configuring policy settings within FileCap, such as authentication methods, retention periods, download limits, Business Rules (DLP), and any IP whitelisting for the admin panel;
  • securing end-user devices (Outlook clients, browsers, mobile devices);
  • secure handling of login credentials and the use of MFA;
  • the proper classification of information sent via FileCap and the decision to use—where appropriate—a second verification method or corporate password;
  • compliance with the laws and regulations applicable to the customer (such as the GDPR, NIS2, DORA, and sector-specific standards).

A detailed breakdown can be provided upon request, for example, as part of a supplier assessment or a DPIA.

FileCap 'in control'

If you entrust (parts of) your business processes for secure email and file sharing to FileCap, you want to be sure that this is done in a controlled and reliable manner. The quality standards, level of information security, and privacy must meet your expectations, the agreed-upon service terms, and current laws and regulations.

FileCap, developed and managed by Contec B.V., has been recognized for over fifteen years as a reliable partner for encrypted email and file transfer. With an ISO 27001-certified ISMS, hosting within the EU, strong encryption, and a transparent division of responsibilities, we help you maintain control over the information flows you entrust to FileCap.

Do you have questions about this page or a specific security measure? Please contact us at security@filecap.com.
