Security Policy


  • StoreBigFile will comply with the GDPR when it becomes enforceable on May 25, 2018.
  • Data Protection Officer:

Data Security

  • All your personal data is protected using an industry standard Advanced Encryption Standard (AES-256) encryption algorithm to encrypt data in transfer and at rest.
  • Our servers are protected by fully managed Amazon Web Services firewalls.
  • Only key technical staff have direct access to our servers.
  • Backoffice systems have user based access control and a full audit history.
  • All employees and contractors are required to sign a confidentiality or non-disclosure agreements.
  • Server software is updated daily to ensure we have all the security latest patches.
  • Cyber insurance policy is provided by Hiscox.
  • Servers are regularly tested using a industry standard PCI security scan.

Data Location

Your Data

  • The personally identifiable data we hold on our system; Name, Address, Telephone Number, Email Address & Last IP Address.
  • All data relating to card payments is processed by our payment provider Sagepay UK ( using a industry standard secure token system.
  • Data contained within the StoreBigFile repository itself is encrypted.
  • We do not share or transfer your data to any 3rd party.

Data Retention

  • Your personal data is retained for 5 years from termination of contract, unless the data controller requests removal.
  • Your personal data is retained for our company accounting records, and also to allow customers to reactivate thier account.
  • To request removal of personal data please email our Data Protection Officer (DPO). Email: