Our Policies
SendThisFile's fully compliant solutions meet the privacy and security needs for its clients and partners. Ethics, integrity and data protection are core SendThisFile values.

SendThisFile is dedicated to providing industry leading security and regulatory compliance to its customers.

SendThisFile, Inc. and its partners comply with specialized regulatory requirements which our small, medium, Fortune 500 and Fortune 10 customers must meet. As such, SendThisFile, Inc. is able to provide a robust managed file transfer service to customers who must meet stringent data privacy and data security regulations.

SendThisFile is compliant with HIPAA, EU Safe Harbor, SAS 70 Type II, SSAE16, PCI DSS and FIPS 140-2.


Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The U.S. Department of Health and Human Services recognizes electronic file transfer as a legitimate method of moving individual health records between medical personnel and medical facilities. The file transfer service provided by SendThisFile, Inc. meets the electronic transmission requirements for these documents.

The following PDF contains additional HIPAA information from the U.S. Department of Health and Human Services.

HIPAA compliant electronic transmissions

SendThisFile operates as a common carrier (i.e., SendThisFile operates as the electronic or Internet equivalent of FedEx or UPS). Therefore, a Business Associate agreement with SendThisFile is not required.

HIPAA Business Associate requirements


Statement on Auditing Standards No. 70 (SAS 70)

SendThisFile utilizes Data Centers that have passed a Statement on Auditing Standards (SAS) No. 70 Type II audit conducted by a third party.


Statement on Standards for Attestation Engagements No. 16 (SSAE16)

SendThisFile utilizes data centers that have met the requirements of the Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization.



SendThisFile meets Payment Card Industry Data Security Standard (PCI DSS) version 2.0. PCI DSS version 2.0 is the global data security standard that any business of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data. The standard includes 12 requirements for any business that stores, processes or transmits payment cardholder data. These requirements specify the framework for a secure payments environment.

For more information regarding PCI DSS visit http://www.pcisecuritystandards.org


Federal Information Processing Standards (FIPS) 140-2

Federal Information Processing Standards Manual 140 covers the security measures used within software modules. File uploads and downloads on SendThisFile involve a browser at the upload end, a Java module on the SendThisFile server, and a browser on the download end.


SendThisFile Personnel

SendThisFile, Inc. has provided enterprise level solutions longer than any other firm in the managed file transfer industry. We serve Federal military, business and nuclear agencies, international stock market and financial reporting firms, global banks and hospitals. SendThisFile restricts the number of employees who have access to customer data to a small, highly-vetted group, along with secure login procedures.