Security overview

ShareMyPage hosts arbitrary, user-supplied HTML and shares it inside a company. Security is a design-level requirement, not a feature bolted on afterwards. Here is exactly how it works.

Hosted in the EU. Your page content, database, and serverless compute all run in Frankfurt (eu-central-1 / fra1). Only authentication and payments use US subprocessors, covered by the EU Standard Contractual Clauses.

Untrusted HTML is contained by isolation

Every page is served from a separate, cookieless content origin and embedded in a sandboxed iframe that runs scripts with a null origin — no access to cookies, local storage, or the app around it. The content origin never holds a session, so even a sandbox escape finds nothing to steal. The app shell itself runs under a strict Content-Security-Policy with frame-ancestors 'self'.
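The two-origin embed described above, as an added example in JavaScript that is not ShareMyPage's own code: the app shell's iframe markup, a sandbox-flag check that keeps the framed page at a null origin, and the response headers each origin sends. The origin names, the page-id format and the frame-src directive are assumptions.

```javascript
// Added example, not ShareMyPage's own code. Origins and the page-id format are assumptions.
const APP_ORIGIN = "https://app.example";         // assumed app shell origin
const CONTENT_ORIGIN = "https://content.example"; // assumed cookieless content origin

// Sandbox tokens a user page may be granted. 'allow-same-origin' is deliberately absent:
// together with 'allow-scripts' it would give the frame a real origin instead of the
// opaque ("null") one and let its scripts reach up and remove the sandbox attribute.
const PERMITTED_SANDBOX_TOKENS = new Set(["allow-scripts", "allow-forms", "allow-popups"]);

function sandboxIsSafe(tokens) {
  return tokens.every((t) => PERMITTED_SANDBOX_TOKENS.has(t));
}

// Build the embed element the app shell renders. Page ids are random tokens, so the
// check only rejects obviously short or non-token values; it does not verify existence.
function embedIframeHtml(pageId, tokens = ["allow-scripts"]) {
  if (!sandboxIsSafe(tokens)) {
    throw new Error("refusing unsafe sandbox flags: " + tokens.join(" "));
  }
  if (!/^[A-Za-z0-9_-]{16,}$/.test(pageId)) {
    throw new Error("page id must be an unguessable random token");
  }
  const src = `${CONTENT_ORIGIN}/p/${pageId}`;
  return `<iframe sandbox="${tokens.join(" ")}" src="${src}" referrerpolicy="no-referrer"></iframe>`;
}

// Response headers for the app shell: frame-ancestors 'self' is the policy the text
// names; frame-src is assumed so the shell is allowed to load the content origin at all.
function appShellHeaders() {
  return {
    "Content-Security-Policy":
      `default-src 'self'; frame-src ${CONTENT_ORIGIN}; frame-ancestors 'self'`,
  };
}

// Response headers for the content origin: no Set-Cookie is ever emitted, the CSP
// sandbox directive re-applies the sandbox even if the URL is opened top-level, and
// only the app shell may frame it.
function contentOriginHeaders() {
  return {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": `sandbox allow-scripts; frame-ancestors ${APP_ORIGIN}`,
    "Cache-Control": "private, no-store",
  };
}
```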

Strict tenant isolation

Every database read and write is scoped to the requesting member's workspace and authorized server-side — never trusting the client. Page links, share URLs, and stored files all use random, unguessable identifiers, so nothing is enumerable.

Where your content lives

Page HTML is stored as private objects on managed, SOC 2-certified cloud storage in the EU (Frankfurt) — not in a public bucket and not in a shared repository. The objects require a server-held credential to read, so the raw bytes are never publicly fetchable even if a URL leaks, and keys are random and unguessable as defense in depth. Page metadata lives in a managed Postgres database in the EU (Frankfurt), with every query scoped to your workspace. Everything is encrypted in transit and at rest.

Verified identity, least-privilege access

Sign-in is Google or Microsoft OAuth. Domain auto-join and page invites key off the provider-verified email, never a typed string. Public email providers are blocked from domain auto-join. API tokens for the Claude/MCP integration are hashed at rest, shown once, revocable, and scoped to a single user and workspace.

Hardening & auditability

Passwords on protected pages are hashed with argon2. Uploads, comments, password attempts, and token use are rate-limited. Uploads, edits, and visibility changes are written to an append-only audit log. Data is encrypted at rest, and all secrets live in managed environment variables.

Access transparency

Like virtually all hosted software, the people who operate ShareMyPage can technically access stored content — it is decrypted server-side to be served. We treat that access as a privilege, not a right: we do not read your page content except where you ask us to or where we are legally compelled to. For customers who want to remove our access entirely, customer-managed encryption keys (BYOK) are available on enterprise plans.

Compliance posture

We rely on subprocessors that are each SOC 2 Type II certified. ShareMyPage v1 does not yet carry its own formal SOC 2 certification, but the controls an auditor checks are built in, so certification is a later step rather than a rebuild. A DPA, our subprocessor list, SSO/SAML, and customer-managed encryption keys (BYOK) are available for enterprise deployments.

Questions about security or compliance? Reach out and we'll walk you through it.