Dossira
Create
Menu
← Back to Security Center

Security & Privacy Overview

Security & Privacy Overview at Dossira

This page is for operators. It explains what matters in practice: who can access a workspace, how access is granted and revoked, what is recorded, and what Dossira can and cannot see.

If you need the technical detail, see:

1) The model: a workspace with explicit membership

Confidential work breaks down when distribution is unclear. Dossira keeps distribution inside a workspace:

  • a workspace has a defined member list,
  • guests can be invited when needed,
  • access can be removed when the work moves on,
  • work can be sealed when it is done.

This reduces forwarding risk and “unknown copies” spread across inboxes, personal devices, and shared links.

2) Sign-in without password friction

We use passkeys so sign-in is both strong and simple:

  • Face ID / Touch ID / Windows Hello where available,
  • optional hardware security keys for tighter controls.

This avoids the weak point of most “secure portals”: passwords and resets.

We can also use passwords if needed. If we do, we recommend enabling two-factor authentication. Dossira supports authenticator apps for 2FA, and we recommend passkeys as the default. We do not use SMS or email codes for 2FA.

Workspace administrators can require stronger sign-in for the team. Account recovery and 2FA resets are handled through the organization’s admins to reduce social-engineering risk.

3) Encryption is standard — E2EE is optional for the highest sensitivity

Dossira encrypts workspace data. For work that must stay private even from the service provider, we can use an End-to-End Encrypted (E2EE) workspace:

  • encryption happens on member devices,
  • only workspace members hold the keys,
  • Dossira cannot read file contents or file names.

The trade-off is predictable: fewer server-side features and more importance on admin key hygiene.

4) Audit trail and accountability

When work is sensitive, we need clarity:

  • access and key actions can be recorded,
  • membership changes are visible over time,
  • records can support handover and governance.

5) European operating boundary and minimal subprocessors

We keep the stack clean and explainable. Core hosting is on European infrastructure, with minimal third-party services.

For the specific provider list, see: Privacy Policy

6) What Dossira does not do

  • No advertising business model.
  • No tracking across the web.
  • No selling of personal data.
  • E2EE workspaces are provider-blind by design.

Frequently Asked Questions

Is Dossira a portal?
It can replace portal-style workflows, but the model is a workspace: a sealed room with explicit membership, clear versions, and an audit trail—without password friction.
Do guests need accounts?
Guests can be invited with passkeys, so access is strong and phishing-resistant without the usual password reset loop.
Can we revoke access after a project ends?
Yes. Workspace membership is explicit. We can remove members or guests, and we can seal a workspace when the work is complete.
What does end-to-end encryption change?
In an E2EE workspace, Dossira cannot read file contents or file names. The trade-off is fewer server-side features and a stronger requirement for admin key hygiene.