SendThisFile Regulatory Compliance

Meet Stringent Regulations with Compliant File Transfer

Regulatory Compliance

We are dedicated to providing industry leading security and regulatory compliance to our customers. SendThisFile, Inc. and our partners comply with specialized regulatory requirements that our small, medium, and Fortune 500 customers must meet. As such, we are able to provide a compliant file transfer service to customers who must meet stringent data privacy and data security regulations.

HIPAA File Transfer

HIPAA File Transfer

The Health Insurance Portability and Accountability Act (HIPAA) outlines safeguards that covered entities and their Business Associates use. These measures ensure the confidentiality, integrity, and availability of electronic protected health information.  The HIPAA omnibus final rule narrowed down the “conduit exception” for Business Associate agreements. However, it still acknowledges courier services such as the USPS, UPS, and their electronic equivalents as exemptions to the requirement of a Business Associate agreement. The determination of meeting or not meeting the conduit exception hinges on the “transient versus persistent nature” of the service offered. SendThisFile, Inc. operates as a secure file transfer service rather than a file storage service. This service possesses a transient nature, thus fulfilling the conduit exception requirement.

If your firm requires a Business Associates Agreement, please let us know by contacting us at and we will provide our standard Business Associates Agreement for your review. Our Business Associate Agreement is available for our Enterprise level plans.


As of May 25, 2018, a European privacy law, the General Data Protection Regulation (GDPR), is in effect. The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.Since 2003, SendThisFile has always committed to protecting customer’s data and privacy and currently complies with EU-U.S. Data Privacy Framework. Data Privacy Framework. Read more about SendThisFile’s GDPR commitment.


SOC-2 File Transfer

Service Organization Control 2 (SOC 2), reports on various organizational controls related to security, availability, processing integrity, confidentiality or privacy. SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients.

Like other compliance mandates, it is not a simple but rather a complex set of requirements that must be reviewed and carefully addressed. SendThisFile only utilizes data centers that achieved SOC 2 compliance.

Compliant File Transfer

If your business has rules and regulations for safeguarding data, a compliant file transfer is a necessity. To discuss your requirements in more detail, contact a, or start out with a free plan today.