Built to move
your trust.

Encryption in transit, checksums on every file, audit trails on every action. Zero retention by default.

When migrating critical data, security isn't optional — it's foundational. Mover uses encrypted connections (TLS, HTTPS, SSH) to protect your data in transit and applies integrity checks to ensure every file arrives unaltered. The same security posture that 4,000+ companies trust on Files.com, focused for one-time migrations.

Start a MigrationSee the Safeguards
AES-256
Encryption at rest
Same standard used by Files.com.
TLS 1.3
Encryption in transit
TLS 1.2 supported for legacy clients.
SOC 2Type II
Continuously audited
GDPR-aligned across regions.
0 bytes
Retained after migration
You set the retention policy.

Migration is the most sensitive moment in a file’s lifecycle.

Your files are in motion across networks, between providers, often with new credentials and freshly minted roles. Mover is designed for exactly that moment — every connection authenticated, every byte encrypted in transit, and every transfer verified at the destination before it counts as done.
TLS 1.2 / 1.3 in transit. AES-256 at rest. Checksums on every transfer.* *Where supported by the source and destination.

Files.com’s enterprise-grade protections, focused for migrations.

Mover is built on the same cloud-native platform that powers Files.com, trusted by more than 4,000 companies worldwide. SOC 2 Type II and GDPR compliance flow through to every migration you run — frameworks that are continuously audited and relied on by enterprises and government agencies every day. For HIPAA-bound workloads, Files.com offers a HIPAA-compliant upgrade path.
No new infrastructure to operate.

Every action logged. Every transfer accounted for.

Audit trails record every action, every file, every byte. And zero retention means the data is gone the moment your project is done.
Audit-ready by default. No invoice math, no log archaeology.

The safeguards behind every migration.

Mover was designed with security woven into every stage of the migration process. Below are the core safeguards that ensure your migrations stay secure, reliable, and audit-ready — every time.

End-to-End Encryption

All data is encrypted in transit using TLS 1.2 / 1.3 and at rest with AES-256 — the same hardened encryption standards that protect billions of files on Files.com secure your migration from start to finish.

Compliance & Certifications

Mover inherits Files.com’s SOC 2 Type II and GDPR posture — both audited continuously and relied on by regulated industries worldwide. HIPAA is not in Mover’s scope; for HIPAA-bound workloads, Files.com offers a HIPAA-compliant configuration under a BAA.

Audit Trails

Every action is logged and every transfer tracked, inheriting Files.com’s proven visibility — so you can verify exactly what moved, when, and by whom.

Data Integrity & Zero Retention

Checksums and file validation* confirm every transfer arrives intact, and Mover never retains your data longer than necessary — you keep complete control over retention policies. *Where supported by the source and destination.

Cloud-Native, No Infrastructure

Mover’s SaaS architecture eliminates the need to deploy or maintain servers — secure migrations without infrastructure headaches, backed by a platform built for scale and reliability.

Secure Connection Credentials

Source and destination credentials are encrypted at rest, scoped per connection, and never exposed in logs or APIs — the keys to your buckets stay just as protected as the data itself.

Security, answered.

The questions security and compliance teams ask before signing off on a Mover migration. Encryption, retention, credentials, audit logs, IAM scope.

Yes. Every connection uses TLS 1.2 or 1.3 in transit, and any data Mover buffers en route is encrypted at rest with AES-256. The same hardened encryption standards that protect billions of files on Files.com cover your migration end to end.

No. Mover holds zero bytes after a migration finishes.The retention window is whatever you set on your source and destination buckets — Mover doesn't keep a copy of the data once the last file has been verified at the destination.

Source and destination credentials are encrypted at rest, scoped per connection, and never exposed in logs or API responses. The keys to your buckets stay just as protected as the data they unlock. You can revoke or rotate credentials at any time, and Mover honors the revocation immediately on the next request.

Yes. Mover inherits Files.com's SOC 2 Type II posture, audited continuously by an independent third party. SOC 2 reports are available under NDA — request one from sales@files.com.

Mover itself is not the right surface for HIPAA-bound data. For workloads covered by HIPAA, the right path is Files.com, which offers a HIPAA-compliant plan with a Business Associate Agreement (BAA). If your migration involves protected health information, start the conversation at sales@files.com so we can route you to the right product configuration.

Yes — Mover orchestrates the transfer cloud-side, which means the bytes flow through Mover's infrastructure on the way from source to destination. The connections are TLS-encrypted on both legs, any in-flight buffering is AES-256 encrypted at rest, and nothing is retained after the transfer verifies at the destination. No infrastructure for you to operate or harden.

Every action, every transfer, every byte is logged — what moved, when, and by whom. Audit logs are retained for the lifetime of your Mover account; export them at any time for your own compliance records. If your project needs the logs gone after a defined window, contact supportand we'll set a retention policy that matches.

Yes — Mover requests only the minimum permissions needed to read from your source and write to your destination. For S3, that usually means ListBucket / GetObject on the source and ListBucket / PutObject / DeleteObject on the destination, scoped to the specific buckets and paths you configure. The per-provider permissions are documented in the Mover docs; use those policies as the floor for your IAM roles, and lock them tighter to specific prefixes if your migration calls for it.

Move with confidence.

Every migration runs on the same security posture that backs Files.com — proven across thousands of customers, audited continuously, and audit-ready by default.

Start a MigrationView Documentation