> ## Documentation Index
> Fetch the complete documentation index at: https://docs.formbase.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Security Considerations

> Keep file uploads safe and private.

File uploads are powerful, but they also introduce security concerns. Formbase stores files in your S3-compatible bucket and returns a signed URL for access.

Use the practices below to keep uploads secure.

<Steps>
  <Step title="Keep buckets private">
    Store files in private buckets and rely on signed URLs for access instead of public objects.
  </Step>

  <Step title="Validate on the client">
    Enforce file size and type limits in your UI to prevent accidental or malicious uploads.
  </Step>

  <Step title="Scan or review uploads">
    If you process user uploads, run them through malware scanning or manual review before using them in downstream workflows.
  </Step>
</Steps>

<Callout type="note">
  Formbase does not inspect file contents or enforce MIME types. If you need strict controls, validate before forwarding uploads.
</Callout>