Who can access the pdf-temp-files storage, and how long are files stored in it?

The pdf-temp-files storage is a private Amazon S3 bucket that utilizes strong industry-standard encryption at rest. Uploaded and output files are temporarily stored in this bucket under highly randomized names generated using a secure random generator. Each file is set to expire in 60 minutes by default and is automatically deleted permanently from the bucket upon expiration. Depending on your subscription plan, you may increase the expiration timeout from 5 minutes to 1440 minutes (1,440 minutes = 24 hours) using the expiration parameter. You may also remove a file directly using the file/delete endpoint at any time.

Since the pdf-temp-files storage is a private bucket, files are accessed via a special “signed” link using the Amazon AWS powered signed links mechanism. This mechanism provides an additional layer of security when accessing the file.

The pdf-temp-files bucket is not included in any backups. Only our engineers have temporary access to this bucket, and 2FA is enforced and required for access. Each access session to the storage is automatically logged, and information about the files’ relation to a specific user is stored separately in a different database.

For additional encryption of the file content, you may utilize user-controlled encryption. This feature provides a way to encrypt output file content with your own encryption option using industry-standard AES encryption, which is supported by all platforms, including Salesforce and others.