About our security

We take security seriously at TemplateTo. Our API is designed with security in mind, and we’ve taken a number of measures to ensure that your data is safe and secure.

Synchronous rendering

For standard (synchronous) API requests, we never store any of the data that you send to us. All information is held in volatile memory only — meaning it exists temporarily in the server’s working memory and is never saved to disk or any permanent storage. The data is forgotten as soon as the request is complete. This means that there is no risk of your data being compromised or stolen from our servers.

Asynchronous rendering

For asynchronous (background) rendering — used by batch operations and the async API — the resulting PDF file is stored temporarily in encrypted S3 storage so that your application can retrieve it when ready. These files are automatically deleted after 24 hours. The source HTML you submit is still processed in memory only and is never persisted to disk.

Async result files are:

  • Encrypted at rest using AES-256 server-side encryption
  • Accessible only via a unique, time-limited URL returned to the authenticated caller
  • Permanently deleted after 24 hours, with no backups or archives retained

Encryption in transit

We use industry-standard encryption protocols to protect your data in transit. All API requests are transmitted over HTTPS, which uses SSL/TLS encryption to ensure that your data is protected from interception and eavesdropping.

Additional measures

We also implement a number of other security measures to protect against common attacks and vulnerabilities. For example, we use input validation and output encoding to prevent injection attacks, and we use rate limiting to prevent denial of service attacks.

We understand that security is a top concern for our customers, and we’re committed to providing a secure and reliable platform for generating your PDF files. Overall, you can trust that your data is safe and secure when using our API. If you have any questions or concerns about our security practices, please don’t hesitate to get in touch with us. We’re always happy to discuss our security measures in more detail.