Show HN: Cloud file conversion security model (S3-only, 24h retention)

[maniazi83]

Hi HN — I’m building Docpose.cloud (online file conversion + API). File processing is a trust problem, so I wrote a security + processing architecture page that explains exactly how files move through the system.

Highlights:

S3-only pipeline: workers read from object storage and write results back

No permanent local disk persistence on workers

Source files deleted immediately after processing

Converted files expire after 24 hours by default

Operational logs kept up to 30 days (metadata only, no file contents)

I’m posting this because security questions come up every time someone evaluates file-processing infrastructure. Feedback welcome — especially on what you’d want clarified for a vendor security review.

[maniazi83]

One thing we intentionally avoided was long-term storage. Many file tools quietly retain inputs longer than users expect.

Our default model is:

Source deleted immediately after processing

Converted output expires after 24h

Logs retained up to 30 days (metadata only)

No file contents stored in logs

If anyone here runs file-processing infrastructure, I’d genuinely love to know — what retention window do you consider reasonable for this category?

[maniazi83]

Extra context: the goal was to be concrete (data lifecycle, retention, logs) rather than generic “we take security seriously” language. If there’s any security review question you’d expect answered on this page (sandboxing detail, threat model, key mgmt, etc.), tell me what’s missing and I’ll update it.