security
Your data is safe.
Your clients' data is safer.
Folio is built for accounting firms that handle sensitive financial documents every day. Security is not a feature — it is the foundation everything else sits on.
How we protect you
Six layers of protection
Encryption at rest
All files and database records are encrypted with AES-256 via Cloudflare R2 and D1.
TLS everywhere
All connections use TLS 1.2+. No unencrypted data ever leaves the network.
Magic link auth
Cryptographically random, time-limited, single-use tokens. No passwords for clients.
Role-based access
Owner, Admin, and Member roles enforced at the API level. Clients see only their own data.
Audit logging
Login events, document access, permission changes, and export actions are timestamped and logged.
GDPR compliant
Data processing agreements, Standard Contractual Clauses, and Data Subject rights honoured.
Infrastructure
Built on Cloudflare
We chose Cloudflare's edge platform so your data is processed close to you, with enterprise-grade redundancy and no single point of failure.
Cloudflare Workers
Serverless compute at the edge — no single point of failure.
Cloudflare R2
Object storage for uploaded documents. Encrypted at rest, zero egress fees.
Cloudflare D1
SQLite-based edge database for structured data. Logically isolated per workspace.
Polar
Subscription billing. PCI-compliant payment processing for your Folio account.
Stripe Connect
Client payment processing (optional). Your own Stripe account — Folio never touches card data.
Compliance
Our compliance roadmap
GDPR compliance
Data Processing Agreement, Standard Contractual Clauses, Data Subject rights workflows, and cookie-free portal pages.
Encryption everywhere
AES-256 at rest, TLS 1.2+ in transit, encrypted credential storage for third-party integrations.
SOC 2 Type II
Currently undergoing audit. Expected completion Q4 2026. Our infrastructure provider (Cloudflare) is already SOC 2 Type II certified.
Penetration testing
Third-party penetration test scheduled post-launch. Results and remediation will be shared with enterprise customers.
FAQ
Security questions
Is Folio SOC 2 compliant?
Folio is currently pursuing SOC 2 Type II certification. Our infrastructure is built on Cloudflare, which holds SOC 2 Type II, ISO 27001, and PCI DSS certifications. We expect to complete our own SOC 2 audit by Q4 2026.
How does Folio encrypt data?
All data at rest is encrypted using AES-256 via Cloudflare R2 and D1. All data in transit is encrypted with TLS 1.2 or higher. Magic link tokens are cryptographically random and time-limited.
Where is my data stored?
Folio runs on Cloudflare's global edge network. Uploaded files are stored in Cloudflare R2, and structured data in Cloudflare D1. Data may be processed in the EU, US, or other Cloudflare regions, with appropriate transfer safeguards in place.
Can clients access other clients' data?
No. Each magic link is scoped to a single client and a single set of document requests. Clients cannot see other clients' data, documents, or portal activity. Workspace-level isolation ensures complete separation.
Does Folio support role-based access control?
Yes. Folio workspaces support three roles: Owner (full access including billing), Admin (manage clients and team), and Member (access assigned clients only). Permissions are enforced at the API level.
How do magic links stay secure?
Magic links use cryptographically random tokens, are time-limited (configurable expiry), and are scoped to a single client portal. They do not expose passwords or account credentials. Expired links cannot be reused.
Questions about security?
Reach out any time. We are happy to walk through our security practices or discuss your compliance requirements.