Home / Features / File Uploads

AES-256 · Malware-scanned · PCI-aware

Collect files securely

Drag and drop the file upload field on any form. Every upload is encrypted, scanned for malware, validated by MIME and magic bytes, then stored against your workspace quota.

Get Started Free See Security

Upload your documents

Drag files here, or click to browse

PDF, DOCX, JPG, PNG · up to 25 MB

resume.pdf

420 KBEncrypted · scanned

✓ OK

portfolio.zip

8.2 MBEncrypted · scanned

✓ OK

A real upload field, not just a placeholder

Built for the moment a respondent attaches a file — and every step that follows.

Drag-and-drop UX

Drop one file or many. Progress per file, retry on failure, instant client-side preview for images.

AES-256 envelope encryption

Every file is encrypted at rest. Per-file keys wrapped in a workspace key — no plaintext storage anywhere.

Malware scan on every upload

ClamAV scans every file before it lands in storage. Infected files are rejected at the boundary.

MIME + magic byte validation

We verify MIME server-side and check the file's magic bytes — not just the extension. Spoofed uploads are blocked.

Per-plan size limits

Configurable maximum file size per upload, per form. Storage quota tracked at the workspace level.

Download from the inbox

Each submission shows attached files inline. One-click download or open in browser. Bulk export keeps file references intact.

Every upload runs the full pipeline

No shortcuts. The same eight steps run on every file, every time — and the upload is rejected if any step fails.

Validate file size against form limit

Validate MIME type (server-side, not client extension)

Verify magic bytes match declared MIME

ClamAV malware scan

Sanitize file content where applicable

Generate per-file encryption key

Encrypt with AES-256-CBC envelope

Check workspace storage quota, store, audit-log

Common file-upload workflows

A few of the workflows we see most.

Job applications

Resume, cover letter, portfolio. Multi-file upload + custom MIME allowlist.

Insurance claims

Photo evidence, signed documents, repair estimates — all encrypted, scanned, audit-logged.

School & training assignments

Student submissions with file size limits and per-form storage scoping.

Support tickets

Screenshots, log files, screen recordings attached to inbound issues.

Vendor onboarding

Tax forms, certifications, proof of insurance — multi-file uploads on a multi-page form.

Proof of identity

ID document upload combined with conditional fields and required-attachment gating.

Frequently asked questions

What file types can respondents upload?

You configure the allowed types per upload field — PDF, DOCX, common images (JPG, PNG, WebP, HEIC), ZIP, and more. Server-side MIME and magic-byte validation enforces the allowlist.

How big can each file be?

Per-upload size is configurable up to your plan's max. Defaults are sensible (25 MB on most plans) and your workspace storage quota tracks the total.

Are uploaded files encrypted?

Yes. Files use AES-256-CBC envelope encryption — a per-file key wrapped in a workspace key. Files are never stored in plaintext, in transit or at rest.

Do you scan for malware?

Yes. Every upload runs through ClamAV before it lands in storage. Detected threats are rejected at the boundary and never reach your inbox.

How do I download files from a submission?

Open the submission in the inbox — attached files render inline with download and preview options. Bulk export preserves the references; signed URLs let you fetch the encrypted bytes.

Is file upload safe for HIPAA / sensitive data?

Encryption, malware scan, audit logs, and access controls are in place. We don't market a HIPAA-specific tier — review your compliance program against our security posture (linked below) before using forms for protected health information.

Collect files with confidence

Drop a file upload field on any form. We handle encryption, scanning, validation, and storage.

Get Started Free