Show HN: Cloud file conversion security model (S3-only, 24h retention)

2•maniazi83•1h ago

Hi HN — I’m building Docpose.cloud (online file conversion + API). File processing is a trust problem, so I wrote a security + processing architecture page that explains exactly how files move through the system.

Highlights:

S3-only pipeline: workers read from object storage and write results back

No permanent local disk persistence on workers

Source files deleted immediately after processing

Converted files expire after 24 hours by default

Operational logs kept up to 30 days (metadata only, no file contents)

I’m posting this because security questions come up every time someone evaluates file-processing infrastructure. Feedback welcome — especially on what you’d want clarified for a vendor security review.

Comments

maniazi83•1h ago

Extra context: the goal was to be concrete (data lifecycle, retention, logs) rather than generic “we take security seriously” language. If there’s any security review question you’d expect answered on this page (sandboxing detail, threat model, key mgmt, etc.), tell me what’s missing and I’ll update it.

maniazi83•1h ago

One thing we intentionally avoided was long-term storage. Many file tools quietly retain inputs longer than users expect.

Our default model is:

Source deleted immediately after processing

Converted output expires after 24h

Logs retained up to 30 days (metadata only)

No file contents stored in logs

If anyone here runs file-processing infrastructure, I’d genuinely love to know — what retention window do you consider reasonable for this category?

Ask HN: How do you enforce guardrails on Claude agents taking real actions?

Metamorphic Testing for Infrastructure-as-Code Engines [pdf]

Tripling an LLM's ARC-AGI-2 score with code evolution

AdaptiveCpp's new Metal backend to support CUDA dialect on Apple GPUs

New 'Mars GPS' lets Perseverance pinpoint its location within 25 centimeters

I turned down a $1M acquisition offer because I wanted to own what I built

Wolfenstein: Enemy Territory in emscripten, WS relay for online browser matches

Airbnb has a recruiting easter egg in its JavaScript output

OpenAI Fires an Employee for Prediction Market Insider Trading

The LLM Sycophancy Antidote

Lessons from Building Claude Code: Seeing Like an Agent

Hyperion author Dan Simmons dies from stroke at 77

PicoClaw: Ultra-Efficient AI Assistant in Go

Forgiven – A Vim/Spacemacs terminal editor with native Copilot agent (Rust)

Show HN: Goodfriendsbook.com Let's ask you, want opensourced to GitHub

Lazard LCOE+ 2025 [pdf]

Trump officials move to kill system that protects US from chemical disasters

NASA announces Artemis III mission no longer aims to send humans to moon

Why is getting a cheap prepaid SIM card in the USA so complicated?

Pure LLMs Score 0% on ARC-AGI-2. Why the Third Wave of AI Looks Like the First

ByteDance Seed 2.0

Our new frontier model: Ian

Warner Bros signs $110B deal with Paramount

The Distillation Problem, It's Not a Cold War, It's Napster

Is This Waymo a Better Person Than You?

Lasse Collin

Ask HN: Apple locked me out of the developer program for a technical error

IronCurtain: A Personal AI Assistant Built Secure from the Ground Up

Instant DB clones for AI agents

Should everyone be taking statins?