Security & Privacy Guide

Cloud Infrastructure

Hosting Provider

Affinda’s cloud infrastructure runs exclusively on AWS (Amazon Web Services), in the AU and EU regions. 

Key AWS services in use by our cloud infrastructure include:

  • Elastic Compute Cloud (EC2): Server hosting
  • Simple Storage Service (S3): Document hosting
  • Managed Cloud DNS (Route 53): Name resolution

Data Security

All data entering and leaving Affinda’s cloud services is encrypted with TLS (Transport Layer Security) over HTTPS. Our website and API do not support or provide access via any unencrypted endpoints. Our TLS security policy conforms to modern cryptographic best practices, which are continually reviewed and updated.

Key cryptographic policy decisions include:

  • Only TLS v1.2 supported (TLS v1.1 or earlier refused)
  • Server-side preference for cipher selection, with modern, strong ciphers
  • Ephemeral Diffie-Hellman key exchange required (Forward Secrecy)
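
A client-side check of the policy listed above, as an added example that is not Affinda's own code: it pins a Python ssl context to TLS 1.2 with ephemeral key exchange and audits what a handshake negotiated. The cipher string, the AEAD requirement (one reading of "modern, strong ciphers") and all function names are assumptions; the host is supplied by the caller.

```python
import socket
import ssl

# Assumption: the page only says "modern, strong ciphers" with ephemeral
# Diffie-Hellman, so AEAD suites with (EC)DHE key exchange are used here.
POLICY_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM"


def build_policy_context() -> ssl.SSLContext:
    """Client context that can only negotiate what the stated policy allows."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(POLICY_CIPHERS)
    return ctx


def audit_session(version, cipher_name):
    """Return a list of policy deviations for one negotiated session."""
    findings = []
    if version != "TLSv1.2":
        findings.append(f"protocol {version} is not TLSv1.2")
    # OpenSSL names TLS 1.2 suites by key exchange; static RSA has no prefix.
    if not cipher_name.startswith(("ECDHE-", "DHE-")):
        findings.append(f"{cipher_name} has no ephemeral key exchange")
    if "GCM" not in cipher_name and "CHACHA20" not in cipher_name:
        findings.append(f"{cipher_name} is not an AEAD suite")
    return findings


def check_endpoint(host, port=443, timeout=5.0):
    """Handshake with a caller-supplied host and audit the negotiated session."""
    ctx = build_policy_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return audit_session(tls.version(), tls.cipher()[0])


# Constructed sample sessions (not captured from any real endpoint).
SAMPLES = [
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLSv1.2", "AES256-SHA"),
    ("TLSv1.1", "ECDHE-RSA-AES128-SHA"),
]

if __name__ == "__main__":
    for version, cipher in SAMPLES:
        print(version, cipher, audit_session(version, cipher) or "OK")
```

An empty list from `check_endpoint` means the handshake matched the policy; a handshake the pinned context cannot complete raises `ssl.SSLError` instead.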

Network Security

Affinda’s cloud services make use of AWS VPCs (Virtual Private Cloud) with modern, best practice configurations to further enhance network security and minimize exposure. Data transmission between servers after ingress from the public Internet is strictly performed within a segregated private network. Customer data is only transmitted over the public Internet at the initial time of ingress and at the time of egress with the requested results. ACLs (Access Control Lists) are deployed to limit network communication between internal servers to whitelisted systems.

Controls

Access Credentials

Web app

To access the Affinda platform, users must create an account via the Affinda web app. Within this web app, users can access their API key, add documents, export data, and use the other tools we offer. Affinda has enabled the option of Multi-Factor Authentication on all user accounts to ensure data security.

API

All API accounts are given a unique token for authentication. This credential can be used to add new documents, retrieve results, list existing documents, and delete documents. To reduce the risk of data loss in the case of your token being compromised, we can turn off the ability for your credential to list existing documents. Please contact Affinda sales staff to enable this for your account.

Document Lifecycle

The Affinda API provides customers full control over the lifecycle of their submitted documents.

Lifecycle options can be set per document and include:

Deletion

When a document is deleted, the document and all associated files are immediately removed from our servers. All access to the document will be lost. Document metadata, which may include file names but does not include the file content, may remain in Affinda’s database or backups of Affinda’s database for some time.

Expiration

A typical scenario when incorporating the API into a web app is to enable a customer’s end users to perform document parses on demand. In such cases, it is not necessary or desirable to store the result indefinitely. To facilitate this, the API allows a customer to specify an expiry time when they submit the document. When a document has an expiration set, it will be deleted automatically at the expiration date.