Our Policies
SendThisFile's fully compliant solutions meet the privacy and security needs of its clients and partners. Ethics, integrity and data protection are core SendThisFile values.


SendThisFile is dedicated to providing industry-leading security and regulatory compliance to its customers.

SendThisFile, Inc. and its partners comply with specialized regulatory requirements which our small, medium, Fortune 500 and Fortune 10 customers must meet. As such, SendThisFile, Inc. is able to provide a robust managed file transfer service to customers who must meet stringent data privacy and data security regulations.

SendThisFile helps our customers comply with HIPAA and currently complies with GDPR and EU-US Privacy Shield.

SendThisFile only utilizes data centers that have achieved SOC 2 compliance.


General Data Protection Regulation (GDPR)

SendThisFile is committed to compliance with the General Data Protection Regulation (GDPR). GDPR is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law. Our customers can trust that we have made GDPR a priority and have devoted significant resources toward our efforts to comply with GDPR.

Read more about our GDPR commitment.


EU-US Privacy Shield

SendThisFile, Inc. complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. SendThisFile, Inc. has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/


Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The U.S. Department of Health and Human Services recognizes electronic file transfer as a legitimate method of moving individual health records between medical personnel and medical facilities. The file transfer service provided by SendThisFile, Inc. meets the electronic transmission requirements for these documents.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) omnibus final rule, which was announced in January of 2013 and effective March of 2013, is based on statutory changes under the Health Information Technology for Economic and Clinical Health Act (HITECH), enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA), and the Genetic Information Nondiscrimination Act of 2008 (GINA).

The HIPAA omnibus final rule narrowed the "conduit exception" for Business Associate agreements. However, it still recognizes courier services such as the USPS, UPS and their electronic equivalents as exceptions to the Business Associate agreement requirement. A key determinant in meeting or not meeting the conduit exception is the "transient versus persistent nature" of the service offered.

If your firm requires a Business Associates Agreement, please let us know by contacting us at and we will provide our standard Business Associates Agreement for your review. Our Business Associate Agreement is available for our Enterprise level plans.


Service Organization Control 2 (SOC 2)

SendThisFile only utilizes data centers that have achieved SOC 2 compliance. Read more about SOC reporting.



Payment Card Industry Data Security Standard (PCI DSS)

SendThisFile meets Payment Card Industry Data Security Standard (PCI DSS) version 3.2. PCI DSS version 3.2 is the global data security standard that any business of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data. The standard includes 12 requirements for any business that stores, processes or transmits payment cardholder data. These requirements specify the framework for a secure payments environment.

For more information regarding PCI DSS visit http://www.pcisecuritystandards.org


Federal Information Processing Standards (FIPS) 140-2

Federal Information Processing Standards Manual 140 covers the security measures used within software modules. File uploads and downloads on SendThisFile involve a browser at the upload end, a Java module on the SendThisFile server, and a browser on the download end.


SendThisFile Personnel

SendThisFile, Inc. has provided enterprise-level solutions longer than any other firm in the managed file transfer industry. We serve Federal military, business and nuclear agencies, international stock market and financial reporting firms, global banks and hospitals. SendThisFile restricts access to customer data to a small, highly vetted group of employees and uses secure login procedures.