Cloud file conversion security model (S3-only, 24h retention)

Name: Cloud file conversion security model (S3-only, 24h retention)
Availability: InStock
Author: maniazi83

by maniazi83·Feb 27, 2026·2 points·2 comments

Visit Project View on HN

AI Analysis

●●SolidSolve My ProblemNiche Gem

S3-only pipeline with transparent security docs, but Zamzar and CloudConvert already do this.

Strengths

•S3-only architecture eliminates local disk risk—genuinely reduces the attack surface compared to traditional worker pools.
•Security documentation is refreshingly concrete: 24h expiry, immediate deletion, TLS 1.3, AES-256, and metadata-only logs are verifiable claims.
•Zero permanent persistence on workers is a real operational constraint that forces good hygiene.

Weaknesses

•File conversion APIs are a solved category; CloudConvert, Zamzar, and AWS Lambda + libvips handle the same workload.
•Landing page shows *architecture*, not differentiation—being transparent about security is table stakes, not a moat.

Post Description

Hi HN — I’m building Docpose.cloud (online file conversion + API). File processing is a trust problem, so I wrote a security + processing architecture page that explains exactly how files move through the system.

Highlights:

S3-only pipeline: workers read from object storage and write results back

No permanent local disk persistence on workers

Source files deleted immediately after processing

Converted files expire after 24 hours by default

Operational logs kept up to 30 days (metadata only, no file contents)

I’m posting this because security questions come up every time someone evaluates file-processing infrastructure. Feedback welcome — especially on what you’d want clarified for a vendor security review.