Privacy Policy — Overview

We prioritize transparency and security. Below is a clear breakdown of the data we collect, how we use it, file handling practices, retention, and your rights as a user. If you upload files to our service, please read the file privacy section carefully.

What We Collect

  • Email, IP address, and upload logs.
  • Metadata associated with files (file size, file type, timestamps).
  • Cookies for login and session management.

How We Use the Data

  • To provide core service functionality (file uploads, downloads, account features).
  • To prevent abuse such as spam, illegal uploads, or policy violations.
  • For security, analytics, and service improvements (diagnostics, monitoring, performance).

File Privacy (important)

We aim to be explicit about how files are handled:

  • Encrypted at rest: We recommend stating your choice here — e.g. "Yes — files are encrypted at rest using AES-256."
  • Encrypted in transit: Files are transferred over TLS (HTTPS) to protect data in transit.
  • Access model: Files are accessible via unique links (if that is your chosen model). Clarify whether links are guessable or require authentication.
  • Malware scanning: Clarify if you scan uploads for malware. If you do, state whether scanning is automatic, which engines are used (if applicable), and the limits (e.g. possible false positives).

Tip: If you handle particularly sensitive files, clearly document retention and deletion workflows so users know how to remove files permanently.

Data Sharing

We generally do not share user data except:

  • With hosting / CDN providers as necessary to store and deliver files.
  • When required by law (e.g., valid subpoena, court order) — we will follow legal processes and notify users where permitted.

User Rights

  • Users can delete individual files and their account through account settings or by contacting support.
  • Users may request data removal (right to be forgotten) or export of their personal data (data portability).

Retention Policy

State how long files and logs are stored. Example options you might include:

  • Temporary files: retained for X days (e.g., 30 days) after upload unless the user deletes them earlier.
  • Account logs & metadata: retained for Y months (e.g., 12 months) for security and abuse prevention.
  • Explicitly note exceptions for legal holds or investigation requirements.

Opinion & Best Practices

Your Privacy Policy is vital for user trust. Make it clear, detailed, and transparent — especially about file handling, encryption, and deletion paths. If you scan uploads, explain why and how. If you share data with third parties (hosts, analytics), name categories and provide links to their privacy terms when possible.