Efficient protection against document leakage and misuse

Encryption and much more for those who want to control who accesses their documents

Learn more »

Hassle-free protection for any document type

DocSecurity can protect any document type through industry standard encryption, data and application control. Protection is applied transparently to the user.

View details »

Compatible with present and future Windows apps

Unlike other products, DocSecurity is able to allow almost any commercial or custom software access documents in a safe manner:

  • Apps must be authorized first to be able to access the content of the encrypted files.
  • Operations (e.g. print) can be restricted inside apps working with protected files.
  • Network connections can be restricted too.

View details »

No 3rd parties. Regulatory compliance ready

Protection is applied locally. Actions performed on protected files are tracked for audit purposes.

  • The encryption keys are created and stored on your network. No cloud or other services are used.
  • Reports can be generated to comply with regulations like PCI-DSS, HIPAA, SOX and others.
  • Support for compliance with EU and German data privacy laws.

View details »


How it works

DocSecurity is an agent based solution which enforces data protection on each Windows workstation that processes sensitive files. It is able to protect documents in every situation: when they are stored on drives, when they travel (no matter how or where) and when their content is processed by authorized applications (no matter which).

DocSecurity relies on Active Directory and most of the work is performed in the background so that users are not impacted in a negative manner when they work with documents. It is also easy to setup, configure and run DocSecurity as this requires only a few steps:


Product details

DocSecurity is currently under development and it implements the following features:

Document protection

DocSecurity can protect any document by using standard encryption based on Windows EFS and an internal engine that uses AES and RSA algorithms.
Encryption can be turned on and off manually. This can be done at file level through the pop-up menu in Windows Explorer or other file managers.

When protected documents are sent across the network, they travel in an encrypted format. Upon arrival at destination, if a DocSecurity agent is present on the machine, a protected file is automatically recognized by DocSecurity when it is saved on the local disk and the protection settings are enforced on that document.

Works with any Windows application

Other protection solutions on the market are only compatible with few applications. That means that only those apps are able to open and process the decrypted content of the protected files in a secure manner. For instance, some solutions can encrypt PDF files, but users will be able to view such files only with a custom, compatible viewer. Furthermore, some products are not compatible with Adobe Acrobat Reader, which can be annoying for many. DocSecurity doesn’t have this limitation. With DocSecurity protected PDF files can be opened by Adobe Acrobat Reader or any other PDF reader users may like.

When DocSecurity is active, protected documents can only be accessed by authorized applications. To properly recognize these applications, DocSecurity relies on profiles which include various information about applications e.g. the name of the main executable, signature details, dlls, etc. These definitions can be created on imported in the main interface so that users are free to authorize any application they want.

DocSecurity offers, out-of-the-box, profiles for the most common document processors. A dedicated tool is also included in the product so that users can easily profile any commercial or custom application they like.

Authorized applications can open the decrypted content of a protected document, but this is not all. DocSecurity also controls what users do with that content once it is open. This is possible through operational rights defined for each user. These rights specify which sensitive operations are allowed or blocked while working with documents: e.g. copy/paste, print, print screen, etc.

Additionally, for each authorized application, one can also restrict the network connections performed while working with documents to make sure there is no underground network activity that can expose the document data to unauthorized sites or services.

An important feature that makes DocSecurity different from other products is the way copy/paste operations are handled: to avoid impacting users in a negatively manner, copy/paste is not blocked totally, but it is allowed between authorized applications. That means, for example, that users are always allowed to copy information from Microsoft Word into Microsoft Excel if they are both authorized, but unless the proper rights are enabled, they will be blocked from copying data from Microsoft Word and pasting it into unauthorized programs like Outlook or Notepad or a browser, etc.

Compliance ready

DocSecurity was designed to ensure data protection and privacy in mind, so all the keys and certificates used to encrypt documents are created and stored locally. Unlike other protection solutions, DocSecurity does not rely on cloud or other 3rd party services to apply protection nor to intermediate the transfer or storage of the protected files. Everything is controlled and works within the local network. This approach makes DocSecurity a very useful tool to ensure compliance with different data protection regulations like: PCI-DSS, HIPAA, SOX, GLBA and many others.

Through specially designed reporting features, DocSecurity is also useful to companies that need to be compliant with particular European data privacy regulations like the ones from Germany, Austria and Switzerland.


Contact us

For more technical information send an email to office@temasoft.com.