Privacy Policy
Last updated: April 13, 2026
EasyFileUpload ("we," "us," or "our") operates the easyfileupload.io website and file sharing SaaS platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
1. Information We Collect
1.1 Information You Provide
- Account information: email address, display name, and password when you create an account
- Files you upload to the platform (stored temporarily and encrypted)
- Upload settings: titles, descriptions, passwords, and expiry preferences
- Support requests and communications you send to us
- Payment details handled by our payment processor (we never see or store your card info)
1.2 Information Collected Automatically
- IP addresses and approximate geographic location (country-level) for security and regional routing
- Browser type, operating system, and device information
- Usage data: pages visited, features used, upload/download activity timestamps
- Session cookies for authentication and anonymous uploads
- Google Analytics data for service improvement (anonymized)
1.3 Information We Do Not Collect
- We do not scan, index, or analyze the contents of your uploaded files beyond automated virus scanning
- We do not use tracking cookies for advertising purposes
- We do not collect biometric data or sensitive personal data categories
2. Legal Basis for Processing (GDPR)
Under the GDPR, we process your personal data based on the following legal grounds:
- Contract performance: Processing necessary to provide the file sharing SaaS platform you requested
- Legitimate interests: Security monitoring, fraud prevention, service improvement, and analytics
- Consent: Newsletter subscriptions and optional marketing communications (you can withdraw consent at any time)
- Legal obligation: Compliance with law enforcement requests, tax requirements, and other legal duties
3. How We Use Your Information
- Provide, operate, and maintain the file sharing SaaS platform
- Process your uploads, generate download links, and manage file expiry
- Authenticate your identity and manage your account
- Process subscription payments securely through our payment partner
- Send transactional emails (password resets, email verification, welcome emails)
- Respond to support requests
- Monitor and prevent abuse, fraud, and illegal activity
- Analyze usage patterns to improve the platform (using aggregated, anonymized data)
- Comply with legal obligations and enforce our terms of service
4. File Storage, Encryption, and Deletion
Encryption: All files are encrypted in transit using TLS 1.2+ and encrypted at rest using AES-256 on Cloudflare R2 storage.
Temporary storage: Files are stored only for the duration determined by your plan and quota (1 hour to 30 days). After the expiry period, files are permanently and irreversibly deleted from all storage systems.
Virus scanning: Uploaded files are automatically scanned for malware. Infected files are quarantined and deleted. We do not read or analyze the content of your files for any other purpose.
One-time downloads: Files set to one-time download mode are permanently deleted immediately after the first successful download.
No backups of user files: We do not create persistent backups of uploaded files. Once deleted, files cannot be recovered.
5. Data Sharing and Third Parties
We do not sell your personal information. We share data only with the following categories of service providers, under strict data processing agreements:
- Cloudflare: CDN, DDoS protection, DNS, and R2 object storage (files and static assets)
- Neon: PostgreSQL database hosting (account data, upload metadata)
- Polar: Payment processing and tax compliance for subscriptions and one-time purchases
- Resend: Transactional email delivery
- Google Analytics: Anonymized usage analytics
We may disclose your information if required by law, subpoena, court order, or government request, or to protect the rights, property, or safety of EasyFileUpload, our users, or others.
6. Cookies and Tracking
We use the following cookies and browser storage:
- Session cookie: Essential for authentication and anonymous uploads. Expires when you close the browser or after 30 days of inactivity.
- Authentication tokens: JWT access and refresh tokens stored in localStorage for account login persistence.
- Google Analytics (_ga, _gid): Used to understand how visitors interact with the site. These cookies collect information in an anonymized form. You can opt out using browser settings or the Google Analytics Opt-out Browser Add-on.
We do not use advertising cookies, social media tracking pixels, or third-party marketing cookies.
7. Your Rights
7.1 GDPR Rights (EU/EEA/UK Residents)
- Right of access: Request a copy of your personal data
- Right to rectification: Correct inaccurate personal data
- Right to erasure: Request deletion of your personal data ("right to be forgotten")
- Right to restrict processing: Limit how we use your data
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent at any time for consent-based processing
- Right to lodge a complaint: File a complaint with your local data protection authority
7.2 CCPA Rights (California Residents)
- Right to know: What personal information we collect, use, and disclose
- Right to delete: Request deletion of your personal information
- Right to opt out: Opt out of the sale of personal information (we do not sell personal information)
- Right to non-discrimination: We will not discriminate against you for exercising your rights
7.3 Exercising Your Rights
You can exercise your rights by: deleting your account in Settings > Danger Zone, contacting us at [email protected], or using the data export features in your account settings. We will respond to all requests within 30 days.
8. HIPAA Disclaimer
EasyFileUpload is a general-purpose file sharing SaaS platform and is not designed to be a HIPAA-compliant platform for storing or transmitting Protected Health Information (PHI). Healthcare providers, health plans, and healthcare clearinghouses ("covered entities") should not use EasyFileUpload to share files containing PHI unless they have implemented their own additional safeguards and have a Business Associate Agreement (BAA) in place. We do not currently offer BAAs. If you require HIPAA-compliant file sharing, please use a service specifically designed for that purpose.
9. Data Retention
- Uploaded files: Retained only until the expiry period you select, then permanently deleted
- Account data: Retained as long as your account is active. Deleted within 30 days of account deletion.
- Anonymous session data: Automatically purged after 30 days of inactivity
- Server logs: Retained for up to 90 days for security and debugging purposes
- Payment records: Retained for 7 years as required by tax regulations
10. International Data Transfers
Your data may be processed in data centers located in Singapore, the United States, and the European Union through our infrastructure providers (Cloudflare, Neon). Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions, as required by the GDPR.
11. Children's Privacy
EasyFileUpload is not intended for use by children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete that information promptly.
12. Security Measures
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for all data at rest
- Cloudflare DDoS protection and Web Application Firewall
- Rate limiting on authentication and upload endpoints
- Automated virus scanning on all uploads
- Regular security monitoring and audit logging
- Password hashing using bcrypt with per-user salts
- Session token rotation and expiry
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top indicates the most recent revision. Continued use of the platform after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: [email protected]
- Support: https://easyfileupload.io/support
For EU/EEA residents: If you are unsatisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority.