Last updated: May 8, 2026
Files you upload— stored only as long as the transfer's expiry (Free: 14 days, Pro: until you delete). We never read, scan, sell, or train AI models on file contents.
Account info — email, optional name and avatar, optional password (hashed). For Google sign-in we receive your basic profile (email, name, avatar URL).
Transfer metadata — file names, sizes, upload times, share-link views and downloads. For Pro accounts we keep per-download geolocation (country/city) derived from IP, but the IP itself is hashed with a server-side secret before storage.
Recipients— when you email a transfer link, the recipient address is saved in your private contacts list (so it autocompletes next time). Recipients can't see each other.
No advertising. No third-party tracking pixels. No selling of data. No AI training on your files or messages.
We rely on a small set of vendors strictly to run the service:
We set strictly-necessary cookies for sign-in sessions. No analytics or marketing cookies.
You can export, correct, or delete your data at any time from settings, or by emailing [email protected]. If you're in the EU, you have additional rights under GDPR — including the right to lodge a complaint with your supervisory authority.
Files: deleted when the transfer expires (or when you delete it). Account data: kept while your account is active and removed within 30 days of deletion. Email logs: retained for 90 days for deliverability debugging.
Privacy questions: [email protected].