Security Settings
Configure security policies, access controls, and compliance settings.
Two-Factor Authentication (2FA)
Enhance account security by requiring a second verification step.
For Your Account
- Go to Settings → Account → Security
- Click "Enable Two-Factor Authentication"
- Scan QR code with authenticator app
- Enter verification code
For Organization (Admin)
- Go to Settings → Security → Authentication
- Toggle "Require 2FA for all users"
- Set grace period (0-30 days)
IP Whitelisting
EnterpriseRestrict access to specific IP ranges.
- Navigate to Settings → Security → IP Whitelist
- Click "Add IP Range"
- Enter IP address or CIDR range
- Add description (e.g., "Office VPN")
Note: Ensure your current IP is included before enabling to avoid lockout.
Session Management
Control session duration and active logins.
Session Timeout
- Default: 7 days
- Maximum: 30 days
- High Security: 1 day (Recommended)
Active Sessions
View and revoke sessions at Settings → Account → Sessions.
Data Retention
Documents
- Standard: Indefinite retention
- Enterprise: Custom auto-delete policies (e.g., 90 days)
Audit Logs
- Pro: 90 days history
- Enterprise: Up to 7 years history
Audit Logs
Track all security-relevant events. Accessible at Settings → Security → Audit Logs.
Logged Events:
- User login/logout
- Permission changes
- Document access
- API key management
- Settings updates
Infrastructure Security
Encryption
- In Transit: TLS 1.2+, HSTS, Perfect Forward Secrecy
- At Rest: AES-256 encryption for all data
Compliance
SOC 2 Type IIGDPRCCPAHIPAA (Enterprise)
Vulnerability Disclosure
Report security issues to security@fortifiers.com.
We offer a bug bounty program for valid reports. PGP key available upon request.