Making sure your Data is Secure

Increase your team's efficiency by effortlessly connecting Paperbox to your existing systems.

Role-based Access

Whether you are using Single Sign On or not, you can use our predefined roles to manage authorization within your workspace. Control who can manage inboxes, tenant configuration and inbox visibility.

Audit trial

Review the history of automated or manual documents within your workspace. Review who accessed specific documents and control the integrity of your mailflow.

Document retention

We only store your data when a document is in-transit and the audit trail period is active. Once a document is out of our systems and the document retention has passed, we will erase every bit of sensitive information. When this happens is for you to decide, with a maximum of 29 days.

Anonymisation

Usecases that require us to store your data are subject to our proprietary anonymisation engine. This means that all PII data will be erased in a non retraceable manner.

Single Sign On

Secure your workspace using identity providers you know and trust using our Single Sign On integration built on the SAML protocol. With a single click you can sign in with Microsoft Entra, Okta or Google Workspace.

Frequently asked questions about Security

Can Paperbox ensure that our data is processed securely and compliant with the applicable regulations (such as GDPR, DORA)?

Paperbox acts as a 'processor' - this means that data retention is kept to a minimum.
If a document or email is automatically processed or validated by a user, the original document or email is immediately deleted. This reduces the 'data at risk' period to a minimum.
Only an anonymized version of the transaction is stored to train or fine-tune the AI models.

Both the data storage and processing of Paperbox and its sub-processors take place in Europe. More information can be found in our Data Processing Agreement.

Both the company and the Paperbox product are ISO27001 certified, with an annual audit.

As an insurance company or insurance business, we are subject to country-specific regulations such as FSMA in Belgium. How does Paperbox handle that?

Paperbox acts as a 'processor' - this means that data retention is kept to a minimum.
If a document or email is automatically processed or validated by a user, the original document or email is immediately deleted. This reduces the 'data at risk' period to a minimum.
Only an anonymized version of the transaction is stored to train or fine-tune the AI models.

Both the data storage and processing of Paperbox and its sub-processors take place in Europe. More information can be found in our Data Processing Agreement.

Both the company and the Paperbox product are ISO27001 certified, with an annual audit.

Paperbox uses Generative AI models, but does this have an impact on data security?

Paperbox only uses Generative AI (GenAI) endpoints on Google Cloud or Microsoft Azure where data retention is disabled.
This is a must-have requirement.

How does user authentication and provisioning work within Paperbox?

Preferably, Paperbox provides user authentication via SAML federation with Azure Active Directory.
The setup for this is described on the following link.
It is also possible to provision users or grant permissions in two ways:
- Within the Paperbox Application or Admin Panel.
- Automated via SAML

Didn't find your question in this list?