Accessing the Policies Page
- 1Log in to the web portal with your administrator credentials.
- 2Click the Organization button in the left sidebar to open your organization's settings.
- 3Click the Settings tab in the top navigation.
- 4Click the Policies tab. The Policies page will load.
Note
Only users with Administrator or Sub-Administrator roles can access the Policies page. Changes take effect immediately for all users in the organization.
Organization Policies
The Organization Policies section controls top-level limits and restrictions that apply to the entire organization.
| Setting | What It Does | Notes |
|---|---|---|
| Space Quota | Sets the maximum total storage available to the organization | Determined by your plan. Contact support to increase. |
| Max File Size | Sets the maximum size of a single file that can be uploaded | Default is 25 GB. Contact support to adjust. |
| Excluded Extensions | Prevents files with specified extensions from syncing | Enter comma-separated extensions (e.g., .ds$,.dwl,.dwl2). Useful for blocking system or temp files. |
| User Limit | Maximum number of user accounts allowed in the organization | Determined by your plan. Contact support to add seats. |
| Organization Limit | Maximum number of sub-organizations (if applicable) | Set to 0 for single-organization accounts. |
Tip
The Excluded Extensions field is useful for HIPAA environments — you can block file types that are not needed for clinical or business workflows to reduce your attack surface and storage footprint.
User Settings
User Settings control what individual users can do within the platform. These settings apply to all users in the organization unless overridden at the account level.
| Setting | What It Does | HIPAA Recommendation |
|---|---|---|
| Microsoft 365 Integration | Controls whether users can open and edit files directly in Microsoft 365 (Word, Excel, etc.) | Set to Disabled unless your organization has a specific need. Enabled for Editing allows real-time co-editing via Microsoft 365. |
| Allow Users to Overwrite Collisions? | Permits users to overwrite a file when a sync conflict occurs | Leave unchecked — let the system create conflict copies to preserve all versions. |
| Allow Users to Resolve Multiple Warnings at Once? | Permits users to dismiss multiple sync warnings in a single action | Optional. Useful for power users; no direct HIPAA impact. |
| Allow Users to Lock Files? | Permits users to lock a file to prevent others from editing it simultaneously | Recommended — prevents conflicting edits on shared ePHI documents. |
| Use Filesystem Permissions to Enforce Locks On | Applies OS-level file locks for specified file types | Pre-populated with common Office and document formats. Add any additional formats your organization uses. |
| Force Password Change After (days) | Requires all users to change their password after the specified number of days | Recommended: set to 90 days or fewer for HIPAA compliance. |
| Require Two-Step Authentication? | Forces all users to configure 2FA before they can access their account | Required for HIPAA compliance. Check this box and save. |
Important
Require Two-Step Authentication is the most important security setting on this page. Enable it before any ePHI is stored in AXIS CloudSync. Users who have not yet configured 2FA will be prompted to do so on their next login and cannot access their account until setup is complete.
Trim Settings
Trim Settings control how file version history is managed. AXIS CloudSync stores previous versions of every file — these settings determine how long those versions are kept and who can manage them.
| Setting | What It Does | HIPAA Recommendation |
|---|---|---|
| Allow Users to Roll Back Revisions? | Permits users to restore a previous version of a file | Recommended — enables ransomware recovery and accidental deletion recovery. |
| Allow Users to Erase Revisions? | Permits users to permanently delete version history | Restrict for PHI — version history supports HIPAA audit requirements. Leave unchecked. |
| Auto-Erase Revisions? | Automatically deletes old revisions after a set period | Use with caution. If enabled, set the retention period to meet your HIPAA 6-year documentation requirement. |
| Erase Revisions for Files Unchanged In (days) | Purges revisions for files that have not been modified in the specified number of days | Only enable if you have a specific storage management need. Leave blank to retain all revisions. |
Important
For HIPAA compliance, version history must be retained for a minimum of 6 years. If you enable Auto-Erase Revisions, ensure the retention period is set to at least 2,190 days (6 years). Permanently erased revisions cannot be recovered.
Purge Settings
Purge Settings control how deleted files are handled. When a user deletes a file, it moves to the Deleted Files area and can be restored. Purge settings determine when those deleted files are permanently removed.
| Setting | What It Does | HIPAA Recommendation |
|---|---|---|
| Allow Users to Erase Deleted Files? | Permits users to permanently delete files from the Deleted Files area | Restrict for PHI — only administrators should be able to permanently delete ePHI. |
| Auto-Erase Deleted Files? | Automatically purges deleted files after a set number of days | Use with caution. Set retention to meet your 6-year HIPAA requirement if enabled. |
| Erase Deleted Files After (days) | Number of days before deleted files are automatically purged | Set to 2,190 (6 years) or leave blank to retain indefinitely. |
Backup Settings
Backup Settings provide a second layer of revision and deletion management, separate from the Trim and Purge settings above.
| Setting | What It Does | Notes |
|---|---|---|
| Auto-Erase Revisions? | Automatically purges old revisions on a schedule | Works in conjunction with Trim Settings. Set consistently. |
| Erase Revisions for Files Unchanged In (days) | Purges revisions for files that have not changed in the specified period | Leave blank to retain all revisions unless storage constraints require otherwise. |
| Auto-Erase Deleted Files? | Automatically purges deleted files on a schedule | Works in conjunction with Purge Settings. |
| Erase Deleted Files After (days) | Number of days before deleted files are automatically purged under Backup Settings | Coordinate with your Purge Settings to avoid conflicting retention periods. |
API Settings
API Settings control how long API tokens remain active before they are automatically deactivated. API tokens are used by integrations, scripts, and third-party tools to access AXIS CloudSync programmatically.
| Setting | What It Does | HIPAA Recommendation |
|---|---|---|
| Deactivate API Tokens After (days) | Automatically expires API tokens after the specified number of days. Default is 30 days if left blank. | Set to 30 days or fewer. Regularly rotating API tokens limits the window of exposure if a token is compromised. |
Tip
If your organization uses API integrations (e.g., automated backup scripts or PSA connectors), coordinate with your IT team before changing this value — expired tokens will break integrations until new tokens are issued.
Bandwidth Settings
Bandwidth Settings allow administrators to limit the upload and download speed of the AXIS CloudSync desktop client. This is useful for organizations where sync activity competes with other business-critical network traffic.
| Setting | What It Does | Notes |
|---|---|---|
| Throttle Bandwidth (KB/s) | Limits the desktop client's upload and download speed. Set to 0 for unlimited. | Useful in bandwidth-constrained environments (e.g., medical offices with shared internet connections). |
| Enable Throttle Exception | Allows specific users or machines to bypass the bandwidth throttle | Use for power users or servers that need unrestricted sync speed. |
HIPAA Configuration Summary
For a HIPAA-compliant AXIS CloudSync environment, apply the following settings on the Policies page:
- ☑ Require Two-Step Authentication — checked
- ☑ Force Password Change After — set to 90 days or fewer
- ☑ Allow Users to Lock Files — checked
- ☑ Allow Users to Roll Back Revisions — checked (enables ransomware recovery)
- ☑ Allow Users to Erase Revisions — unchecked (preserve version history for 6-year retention)
- ☑ Allow Users to Erase Deleted Files — unchecked (admin-only deletion for ePHI)
- ☑ Deactivate API Tokens After — set to 30 days
- ☑ Excluded Extensions — add any file types not used in your workflows
Important
These settings address the technical safeguard requirements of the HIPAA Security Rule within AXIS CloudSync. They do not replace the need for a signed BAA, user training, a documented Risk Analysis, or endpoint security controls (full-disk encryption, MDM). Contact [email protected] or call 1-866-232-2211 if you need assistance configuring your environment.