VirtualDrive
Security

Your files are safe. Here's proof.

Security isn't a feature at VirtualDrive — it's the foundation. Every architectural decision was made with your data's safety as the first priority.

Six layers of protection

Defense in depth — every layer independently blocks unauthorized access, even if another layer were compromised.

Encryption

AES-256 encryption at rest

Every file stored on VirtualDrive is encrypted using AES-256 — the same standard used by banks and governments. Files are encrypted before they hit the disk and can only be decrypted by the authenticated account owner.

Transport

TLS 1.2+ in transit

All data transmitted between your device and VirtualDrive is protected by TLS 1.2 or higher. This prevents man-in-the-middle attacks and ensures your files cannot be intercepted during upload or download.

Database

Row Level Security

Every database table is protected by Row Level Security (RLS) enforced at the PostgreSQL level — not just the application layer. Even if the application layer had a bug, the database itself would reject unauthorized access.

Audit

Full audit logs

Every action — login, logout, file upload, deletion, sharing, admin changes — is recorded in an immutable audit log with timestamp, IP address, and user agent. Admins can review and export the full history at any time.

Access Control

Role-based access control

Users are assigned roles (admin, moderator, user) enforced at the database level via a security-definer function. Admins cannot access each other's files. Users can only see their own data.

Privacy

Zero staff file access

VirtualDrive staff cannot read your files. File contents are encrypted and access is controlled entirely by your account credentials. We store encrypted bytes — not readable content.

Security practices

A full checklist of how we handle your data.

  • Passwords are hashed with bcrypt — never stored in plain text
  • Email verification required on account creation (configurable)
  • Account suspension and forced logout available to admins
  • Executable file types blocked from upload by default
  • Session tokens rotate automatically on each login
  • All admin actions recorded with IP address and timestamp
  • 30-day secure deletion guarantee on account termination
  • Infrastructure hosted on SOC 2-compliant cloud providers

Where your data lives

VirtualDrive runs on Supabase hosted on AWS US East (North Virginia) — a SOC 2 Type II certified, enterprise-grade infrastructure. Your files are stored in geographically redundant object storage with automatic backups.

Have a security concern or vulnerability to report? Contact us at security@virtualdrive.us. We take every report seriously and respond within 24 hours.