To meet business needs and comply with financial industry regulatory requirements, some SendSafely customers may wish to keep the data contained in their encrypted packages for longer than the default maximum. Follow these simple steps to enable admin access to all of your organization's SendSafely packages for longer than a year.
Configuration Steps
Step 1: Set up a Master Key
A Master Key provides a privileged organization admin the ability to decrypt items transferred through their SendSafely portal. Please note: a Master Key can only decrypt packages created after the date the key is successfully configured in your SendSafely portal. It cannot provide access to historical packages created prior to its setup date, or to packages that have already been deleted.
Step 2: Configure your Portal-wide and Feature-specific Expiration Settings
Admins can specify the default, minimum, and maximum package expiration for all users via the Enterprise Console. Expiration settings apply to all packages sent using the web portal, Chrome extension, email integrations, and API. Dropzone Package Expiration is configured separately in the Dropzone profile, while Workspaces are designed for longer term collaboration and are currently not subject to data expiration settings.
A warning about File Expiration!
SendSafely does not recommend disabling File Expiration as it is an important Security and Privacy Control for preventing future unauthorized access to sensitive information.
Expiration settings are separate from File Deletion settings. Organizations who require long term file storage should keep File Expiration settings active and instead disable File Deletion (Step 4 below). This approach keeps the security/privacy benefits of the expiration settings intact (i.e., files are stored encrypted in an inaccessible state) but does allow your portal Admins to come back in and unexpire/"reenable" access to files if ever needed for compliance or audit purposes using a Master Key (Step 1 above).
Step 3: Connect your own S3 bucket
Configuring your own AWS S3 Bucket provides you additional options for long-term package storage, including Disabling File Deletion as described in Step 4 below. You can also use versioning in your S3 bucket to recover more easily from unintended user actions, such as accidental data deletion.
Step 4: Request Disabling File Deletion
SendSafely customers can disable file deletion to block both automatic and manual package deletion options. With deletion disabled, files still expire on schedule to prevent recipient access, but remain in storage and can be reactivated in the future as needed. If you’ve connected your own S3 bucket and wish to disable file deletion, please email support@sendsafely.com.
Step 5: Enable Audit Log API (Optional)
The Audit Log API provides Enterprise security and compliance teams broader visibility into events occurring in their SendSafely portal. Authorized users can perform targeted searches of log data as part of ad-hoc incident investigation, or ingest the audit feed into their SIEM platforms for unified monitoring and alerting.
For more critical portal administration info, be sure to review and complete the “Set Up Checklist for SendSafely Administrators”