Legal

PhotonFile Logo

PhotonFile

Privacy Policy

Last updated:

By using PhotonFile, you agree to the practices described in this policy.

PhotonFile offers two different data paths. Relay is designed for ephemeral live transfer and keeps file data in memory only while it is in motion. Photon Vault is persistent client-side encrypted storage for files you choose to keep. Across both products, PhotonFile minimizes retained data, avoids behavioral tracking, and limits data processing to what is needed for operations and reliability.

1. What We Don't Do

  • We do not store Relay file contents as hosted uploads or retained download links, and we do not inspect decrypted file contents.
  • Photon Vault stores encrypted data for files you choose to keep, but PhotonFile is designed not to have the keys needed to decrypt vault contents.
  • We do not sell data, run ads inside the product, or use analytics, fingerprinting, or behavioral tracking scripts. We may load a limited Google Ads measurement tag after consent to record aggregate, event-based conversions such as paid purchases from ads. We do not use this for in-product profiling and we do not link ad measurement events to individual transfer records.
  • We do not maintain user profiles tied to individual transfers. If you create an account to purchase File Passes, account and billing records are kept separately from transfer activity.
  • We do not log or retain your client-side encryption keys or decrypted file contents.

2. Minimal Operational Data

We collect only what's necessary to operate and secure the Service:

  • Connection metadata (session identifiers, retry counts, transfer duration, and routing diagnostics) required to operate the service.
  • Error/system logs to improve reliability and detect abuse.
  • Payment references (transaction IDs) from third-party processors; we do not store card data.
  • Support messages you send us.

IP addresses are processed at the network edge for security, routing, and abuse prevention (for example by CDN/WAF providers such as Cloudflare). PhotonFile's application is designed to avoid retaining client IP addresses in its core application logs under normal operation, but some IP-related data may exist in provider logs or security telemetry for limited periods.

We do not link advertising measurement events to operational logs or to identifiable user profiles.

We do not log the decryption keys used for client-side encryption, and we do not attempt to reconstruct decrypted file contents from operational logs.

Operational logs are pruned and may be anonymized on a rolling basis.

3. Relay Transfers and Vault Storage

PhotonFile streams Relay data between peers over TLS using an Ephemeral File Transfer relay. Limited transient data may exist in memory on relay nodes during active sessions, and is cleared when sessions end. We do not persist file contents to server storage as part of the Relay transfer flow, and we do not provide a hosted storage inbox or retained download link to a stored copy.

For supported browsers, you may optionally enable client-side encryption during Relay transfers. In that mode, your file is encrypted in your browser before any bytes are sent to the relay. The decryption key is encoded into the URL fragment (the part after #...), which is not sent to our servers as part of normal HTTP requests.

Photon Vault is different. Vault is persistent client-side encrypted storage. Files you choose to store in Vault are kept as encrypted data so authorized clients can access them later. PhotonFile stores encrypted vault data and operational metadata, but Vault is designed so PhotonFile does not have the keys needed to decrypt vault contents.

For Maximum Privacy Vaults, filenames, folder names, plaintext file hashes, and plaintext search queries are also designed to stay out of server-visible storage and logs. PhotonFile still needs limited operational metadata such as account identifiers, object identifiers, sizes, timestamps, folder relationships, permissions, and access or search patterns to operate the service.

4. Cookies and Local Storage

We do not use tracking cookies for analytics or behavioral profiling. We may use strictly necessary cookies to maintain an active session (for example, to keep you signed in or to keep a transfer session active). Some third-party services that we use for payment processing or advertising conversion measurement may set or read cookies for their own purposes, subject to their policies.

We may use browser storage (for example, local storage) to remember basic preferences such as your theme choice or last used settings. This data stays in your browser and is not used for cross-site tracking or advertising.

For Google Ads conversion measurement, PhotonFile asks for consent before loading the Google Ads measurement tag or storing ad attribution identifiers such as click IDs. You can update that choice here: .

5. Payments

Payments are processed by third parties such as Stripe (PCI-DSS compliant). PhotonFile does not collect or store credit card details. We may retain transaction references for confirmation and accounting.

6. Security

  • TLS-encrypted connections only.
  • Session tokens for peer authentication.
  • Optional client-side encryption of file contents in supported browsers, with keys kept on the client side.
  • Hardened servers and monitoring for unauthorized access.

No system is perfectly secure, but PhotonFile minimizes exposure by avoiding data retention wherever possible and by keeping file data in memory only for the duration of an active transfer.

7. Data Retention

  • Operational logs (non-content) generated by PhotonFile's application servers are typically retained 7-30 days and then deleted. These logs do not include file contents or client IP addresses.
  • Payment confirmations are retained as required by law and accounting.
  • Relay file contents are not retained beyond the active session lifetime.
  • Vault data persists until you delete it or the applicable plan or product policy removes it, such as the cleanup window on the free Vault tier.

8. Your Rights

You may request deletion of support communications and ask what operational data relates to your usage. Contact [email protected].

9. Third-Party Services

We rely on limited providers for specific functions, including Stripe for payments, Cloudflare for CDN, WAF, security, and abuse prevention, and Google Ads for consent-based conversion measurement. Their policies apply to their services. We aim to choose providers that are aligned with a privacy-respecting, low-retention approach.

PhotonFile operates an EU region (Frankfurt, Germany) for EU users who create accounts to purchase File Passes. Account and billing records for EU accounts are processed and stored within the EU. File contents are not stored as hosted uploads as part of the transfer flow.

10. Updates

We may update this policy. Continued use after changes constitutes acceptance. The current version is posted at /privacy.

11. Contact

Email: [email protected]

12. GDPR

You can find GDPR-specific information here: GDPR.

Back to top