Skip to main content

Uploads and media

Uploads support chat attachments, profile images, organisation logos, project logos, and file references in docs or AI workflows.

Files are stored on the backend filesystem at the configured upload storage path. Metadata is stored in the database.

Storage location

The upload storage path is configured by upload_storage_path in tow.yaml.

The default Docker path is:

/app/data/uploads

The Docker Compose deployment mounts /app/data on the tow_backend_data volume, so uploaded files persist across container rebuilds when that volume is preserved.

warning

Do not run production uploads on an ephemeral container filesystem. If the upload volume is deleted or not mounted, the database can still contain attachment records but the file content will be missing.

Upload size

The maximum upload size is controlled by upload_max_bytes in tow.yaml.

The example configuration sets:

26214400

That is 25 MiB. Files over the configured limit are rejected.

Supported media behavior

General uploads accept ordinary files and preserve the original filename after sanitizing unsafe characters.

Image-specific upload flows require a valid raster image:

  • Profile image.
  • Organisation logo.
  • Project logo.

Invalid image files are rejected even if the filename looks like an image. Accepted images are checked before they are used by model input or rendered as profile and logo media.

Permissions

Upload access depends on the attachment owner and organisation context.

Attachment typeWho can read it
Your own uploadYou can read it.
Organisation uploadMembers of that organisation can read it.
Another member's profile imageMembers of the active organisation can read it when both users belong to that organisation.
Server adminServer admins can read attachments for support and administration.

Only organisation admins can upload organisation logos or upload profile images on behalf of another member. Project logo uploads require project manage permission.

AI and uploaded files

When a chat message or tool result references an uploaded image or supported file, the backend can attach that file content to the model request. The upload remains stored in TOW; the model receives the content needed for the request.

OpenAI Responses API calls are sent with store=false. See Security and AI data controls for the AI data policy.

Operational controls

For enterprise deployments:

  • Back up the upload volume with the database.
  • Monitor disk usage under the upload storage path.
  • Limit upload size to what the organisation can reasonably review and retain.
  • Treat uploaded files as confidential unless your organisation classifies them otherwise.
  • Include upload restore checks in disaster recovery testing.