Provider credentials are intended to stay local through the OS credential store where supported.
Use encrypted protocols such as SFTP, FTPS, HTTPS WebDAV, HTTPS Synology, and HTTPS S3/R2 endpoints whenever possible.
Report vulnerabilities with reproduction steps, but never send live credentials or sensitive files.
Security model
CloudPairs is a desktop file manager for storage accounts you control. The app connects from your device to supported providers and servers using credentials or OAuth tokens you authorize.
The public CloudPairs platform handles account, licensing, device, release, and support-related workflows. It does not need your S3, R2, SFTP, FTP, WebDAV, Synology, Dropbox, OneDrive, or pCloud secrets to run desktop transfers.
Credential storage
Desktop credentials and OAuth tokens are stored locally through the operating system credential store where supported, such as Windows Credential Manager or macOS Keychain.
Connection metadata such as names, hosts, buckets, regions, ports, protocol settings, and other non-secret preferences may be stored in local application data so the app can show your saved connections.
Transport security
Use SFTP, FTPS, HTTPS WebDAV, HTTPS Synology, and HTTPS S3-compatible endpoints whenever available. Plain FTP is supported for legacy systems but is not recommended for credentials or sensitive files.
CloudPairs relies on provider APIs and server configuration for protocol-level encryption and authentication. You should verify certificate, host, port, permission, and bucket-policy settings before transferring sensitive data.
Account security
Use strong passwords, multi-factor authentication, and least-privilege API keys with your cloud providers. Rotate credentials if a device is lost or transferred.
Revoke unused devices from the CloudPairs dashboard when replacing hardware.
Local controls and data clearing
The desktop app includes controls to clear audit history, remove saved connections and secrets, and clear all local app data. Use provider dashboards to revoke API keys, OAuth grants, server accounts, and passwords when needed.
If you share or dispose of a computer, sign out, clear local data, revoke provider credentials, and unlink the device from your CloudPairs dashboard where available.
Reporting security issues
Please report suspected vulnerabilities to support@cloudpairs.com with clear reproduction steps. Do not include live credentials, private keys, or sensitive customer data in a report.
Contact
Questions about this page, account privacy, billing, security reports, or support can be sent to support@cloudpairs.com. Do not include live credentials, private keys, API tokens, or sensitive files in email.