Security at pdrive

pdrive stores plaintext documents. That simplicity makes security easier to reason about, but it doesn't mean we skip the hard parts.

Every file upload is scanned for secrets and validated as real text before it's accepted. Every state change is logged with the user, session, and IP address that triggered it. Access control is enforced at the account, project, and API key level.

What we cover

Audit log tracks every action across your account with structured logs, filtered search, and CSV export.

Authentication supports OAuth login (GitHub, with more providers coming) and automatic session invalidation when credentials change.

Content protection scans uploads for leaked secrets, strips dangerous Unicode, and sanitizes rendered HTML.

Access control enforces role-based permissions, API key scoping, rate limits, and project visibility settings.

Our approach

We default to restrictive. New projects are private. API keys are read-only unless you upgrade them. Rate limits are enforced per plan.

When something changes in your account, it's logged. When something looks wrong in an upload, it's rejected. We'd rather block a valid file than let a dangerous one through.