Legal

Privacy Policy

Effective date: April 12, 2026

1. Introduction

fileshare.ing is a file sharing and static site hosting service. This Privacy Policy explains what data we collect, why we collect it, and how we use it. The short version: we collect only what we need to run the service, we do not sell your data, and we are transparent about every third party that touches it.

"fileshare.ing," "we," "us," and "our" refer to the operators of this Service. "You" refers to any visitor, anonymous user, or registered account holder.

We designed this service to work without an account. Anonymous users share no account information with us. We do store IP addresses for abuse prevention and rate limiting — see Section 2 for details and retention periods.

2. Information We Collect

Anonymous users (no account)

  • IP address — stored and used for rate limiting, abuse fingerprinting, and enforcement of the 3-uploads-per-day anonymous limit. Raw IPs are retained for up to 30 days and then deleted.
  • File metadata — filename, file size, MIME type, SHA-256 content hash, and upload timestamp.
  • Cloudflare Turnstile CAPTCHA signals — processed by Cloudflare during CAPTCHA verification. We receive a pass/fail result only; we do not receive the underlying signals.

Registered users

  • Email address and hashed password (bcrypt).
  • Organization name and any other details you add to your account.
  • File metadata for all files you upload (same as above, plus project assignment and expiry configuration).
  • Billing information — handled entirely by Stripe. We never see or store your card number, CVV, or full card details. We store only your Stripe customer ID and subscription status.

Automatically collected data

  • Download analytics — for each download event: IP address, country, device type, browser, referrer URL, and timestamp. IPs in analytics are retained for up to 30 days then deleted.
  • Session cookie — one cookie storing your authentication token, set when you log in. No tracking cookies are set by us.
  • Server logs — standard web server access logs (path, response code, timestamp) retained for up to 30 days for debugging and abuse investigation.

3. How We Use Your Information

We use the data we collect to:

  • Provide the core service: store your files, generate short links, serve downloads.
  • Enforce plan limits: check storage, daily upload counts, and file size caps at the Organization level.
  • Detect and prevent abuse: rate limiting by IP fingerprint, content hash matching against known-abusive files, processing abuse reports.
  • Send transactional emails: account verification, password reset, billing receipts, and pre-expiry warnings for files nearing deletion. We do not send marketing emails unless you opt in.
  • Process payments and manage subscriptions (via Stripe).
  • Improve the service: aggregate, anonymized analytics on upload volumes, file types, and download activity.

4. File Storage & Retention

All uploaded files are stored on Cloudflare R2, hosted in US-based data centers. Files are deleted automatically based on the plan active at the time of upload:

  • Anonymous upload — deleted 24 hours after upload.
  • Free account — deleted 7 days after upload.
  • Starter account — deleted 90 days after upload.
  • Pro account — permanent until you delete the file or close your account.

When a file is deleted or expires, it is permanently removed from storage. We do not retain backups of user content. Account deletion removes all files associated with that account within 30 days.

5. Third-Party Services

We rely on the following third-party services to operate. Each one receives only the data it needs to do its job.

Cloudflare R2 — File storage

All uploaded files are stored on Cloudflare R2. Files are served directly from R2 via Cloudflare's CDN. Cloudflare's privacy policy applies to data processed through their infrastructure.

Cloudflare Turnstile — CAPTCHA

Anonymous uploads require completing a Cloudflare Turnstile CAPTCHA. Turnstile processes your IP address and browser signals during verification to determine whether you are human. We receive only a pass/fail token. Cloudflare's privacy policy governs this processing.

Stripe — Payment processing

Stripe handles all payment processing for paid accounts. Stripe receives your card details, billing address, and payment history directly. We receive only a customer ID and subscription status. Stripe's privacy policy applies.

Adsterra — Display advertising

Free download pages (anonymous and free-account files) display a single banner advertisement served by Adsterra. Adsterra may set advertising cookies on visitors to those pages. Ads are not shown on paid-account download pages, dashboard pages, or any other part of the application. Adsterra's privacy policy governs their data collection.

AWS — Backend infrastructure

Our application servers and database run on Amazon Web Services (AWS) in the United States. AWS processes data incidentally as our infrastructure provider. AWS's privacy policy applies.

6. Cookies

We use one first-party cookie: a session cookie that stores your authentication token when you are logged in. This cookie is necessary for the service to function. It is deleted when you log out or when it expires.

We do not set tracking cookies, analytics cookies, or advertising cookies of our own. Adsterra, as described above, may set advertising cookies when you visit a free download page. You can block these using standard browser cookie controls or an ad blocker.

7. Data Sharing

We do not sell, rent, or trade your personal data. We share data only in these circumstances:

  • With service providers listed in Section 5, limited to what they need to perform their function.
  • With law enforcement or government authorities when required by a valid legal order, subpoena, or court order. Where legally permitted, we will notify you before disclosing.
  • In connection with a merger, acquisition, or sale of assets — you will be notified before your data is transferred to a new entity.
  • To protect the rights, property, or safety of fileshare.ing, our users, or the public, where disclosure is reasonably necessary.

8. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, contact us at privacy@fileshare.ing and we will delete it promptly.

Child sexual abuse material (CSAM) is strictly prohibited. Any such content is immediately removed, the relevant account terminated, and the incident reported to the National Center for Missing and Exploited Children (NCMEC) and relevant law enforcement.

9. Your Rights (GDPR / CCPA)

Depending on where you live, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate or incomplete data.
  • Deletion — request deletion of your account and associated data. Deleting your account removes all your files and personal data from our systems within 30 days.
  • Portability — request your data in a structured, machine-readable format.
  • Objection / restriction — object to or request restriction of certain processing activities.

To exercise any of these rights, email privacy@fileshare.ing. We will respond within 30 days. If you are an EU or UK resident and believe we have not addressed your concern, you have the right to lodge a complaint with your local data protection authority.

California residents: under CCPA, you have the right to know what personal information we collect, to request deletion, and to opt out of the sale of your data. We do not sell personal data.

10. Data Security

We apply the following security measures:

  • All data in transit is encrypted using TLS.
  • Files at rest are encrypted by Cloudflare R2's storage layer.
  • Passwords are hashed with bcrypt — we cannot recover or read your password.
  • IP addresses are retained for up to 30 days for abuse investigation, then permanently deleted.
  • Access to production infrastructure is restricted to authorized personnel and requires multi-factor authentication.

No system is perfectly secure. In the event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by applicable law.

11. International Data Transfers

fileshare.ing operates from and stores data in the United States. If you access the Service from the European Union, United Kingdom, or other regions with data transfer regulations, your data will be transferred to and processed in the US.

For transfers from the EU/EEA, we rely on Standard Contractual Clauses (SCCs) as the legal mechanism for international transfer, in accordance with GDPR requirements.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For non-material changes (corrections, clarifications), we will update the effective date on this page. For material changes that affect how we use your personal data, we will notify registered users by email at least 14 days before the change takes effect.

Continued use of the Service after the effective date of a policy update constitutes acceptance of the updated policy.

13. Contact

For privacy questions, data requests, or concerns, contact us at privacy@fileshare.ing.

For general support, use support@fileshare.ing.