Security & privacy.

Fetcher handles sensitive personal and financial documents. Here is a clear summary of how security works — both for you and for the clients you're asking to submit their documents.

Encryption in transit and at rest

All data transmitted between your client's browser and Fetcher's servers is encrypted using TLS 1.3 — the same standard used by banks and financial institutions. Uploaded files are stored encrypted at rest using AES-256 encryption. Keys are managed by Fetcher and rotated on a regular schedule.

No client login required

Fetcher's client portal uses link-based authentication. Each request generates a unique, cryptographically random URL. The link is specific to that client and that request — it cannot be guessed or brute-forced. Clients never need to create an account or remember a password.

Link access controls

The upload link is active only while the request is open. Once you close or archive a request, the link becomes inactive. Anyone who tries to access it sees a message that the request is closed. You can also manually invalidate a link at any time from the request detail view and issue a new one.

Who can see uploaded files

Uploaded files are visible only to team members in your Fetcher workspace. Fetcher employees do not access file contents except in response to a direct support request you initiate. Fetcher does not sell, share, or process the content of your clients' documents for any purpose other than delivery to you.

Data retention

Fetcher retains uploaded files for as long as your account is active. If you delete your account, all files are permanently deleted from Fetcher's servers within 30 days. Archived and closed requests also retain their files until you explicitly delete the request or delete your account.