PhotonFile - Privacy Policy

Last updated:

By using PhotonFile, you agree to the practices described in this policy.

PhotonFile is privacy-first: no content storage, no analytics or behavioral tracking scripts, minimal metadata strictly for operations and reliability, and an Ephemeral File Transfer relay that keeps file data in memory only while it is in motion.

1. What We Don't Do

  • We do not store your files or inspect their contents.
  • We do not sell data, run ads inside the product, or use analytics, fingerprinting, or behavioral tracking scripts. We may load a limited Google Ads measurement tag solely to record an aggregate, event-based conversion (for example, when a transfer is initiated from an ad). We do not use this for in-product profiling and we do not link ad measurement events to individual transfer records.
  • We do not maintain user profiles tied to individual transfers. If you create an account to purchase File Passes, account and billing records are kept separately from transfer activity.
  • We do not log or retain your client-side encryption keys or decrypted file contents.

2. Minimal Operational Data

We collect only what's necessary to operate and secure the Service:

  • Connection metadata (session identifiers, retry counts, transfer duration, and routing diagnostics) required to operate the service.
  • Error/system logs to improve reliability and detect abuse.
  • Payment references (transaction IDs) from third-party processors; we do not store card data.
  • Support messages you send us.

IP addresses are processed at the network edge for security, routing, and abuse prevention (for example by CDN/WAF providers such as Cloudflare). PhotonFile's application is designed to avoid retaining client IP addresses in its core application logs under normal operation, but some IP-related data may exist in provider logs or security telemetry for limited periods.

We do not link advertising measurement events to operational logs or to identifiable user profiles.

We do not log the decryption keys used for client-side encryption, and we do not attempt to reconstruct decrypted file contents from operational logs.

Operational logs are pruned and may be anonymized on a rolling basis.

3. File Transfers

PhotonFile streams data between peers over TLS using an Ephemeral File Transfer relay. Limited transient data may exist in memory on our relay nodes during active sessions, and is cleared when sessions end. We do not persist file contents to server storage as part of the transfer flow. We do not provide a hosted storage inbox or retained download link to a stored copy.

For supported browsers, you may optionally enable client-side encryption. In that mode, your file is encrypted in your browser before any bytes are sent to the relay. The decryption key is encoded into the URL fragment (the part after #...), which is not sent to our servers as part of normal HTTP requests.

This means our relays only see encrypted chunks and basic routing metadata. Only someone you share the full link with (including the fragment) can decrypt the content.

4. Cookies and Local Storage

We do not use tracking cookies for analytics or behavioral profiling. We may use strictly necessary cookies to maintain an active session (for example, to keep you signed in or to keep a transfer session active). Some third-party services that we use for payment processing or advertising conversion measurement may set or read cookies for their own purposes, subject to their policies.

We may use browser storage (for example, local storage) to remember basic preferences such as your theme choice or last used settings. This data stays in your browser and is not used for cross-site tracking or advertising.

5. Payments

Payments are processed by third parties such as Stripe (PCI-DSS compliant). PhotonFile does not collect or store credit card details. We may retain transaction references for confirmation and accounting.

6. Security

  • TLS-encrypted connections only.
  • Session tokens for peer authentication.
  • Optional client-side encryption of file contents in supported browsers, with keys kept on the client side.
  • Hardened servers and monitoring for unauthorized access.

No system is perfectly secure, but PhotonFile minimizes exposure by avoiding data retention wherever possible and by keeping file data in memory only for the duration of an active transfer.

7. Data Retention

  • Operational logs (non-content) generated by PhotonFile's application servers are typically retained 7-30 days and then deleted. These logs do not include file contents or client IP addresses.
  • Payment confirmations are retained as required by law and accounting.
  • No retention of file contents beyond session lifetime.

8. Your Rights

You may request deletion of support communications and ask what operational data relates to your usage. Contact [email protected].

9. Third-Party Services

We rely on limited providers (e.g., payment processors, advertising measurement, infrastructure, and network/CDN security). Their policies apply to their services. We aim to choose providers that are aligned with a privacy-respecting, low-retention approach.

PhotonFile operates an EU region (Frankfurt, Germany) for EU users who create accounts to purchase File Passes. Account and billing records for EU accounts are processed and stored within the EU. File contents are not stored as hosted uploads as part of the transfer flow.

10. Updates

We may update this policy. Continued use after changes constitutes acceptance. The current version is posted at /privacy.

11. Contact

Email: [email protected]

12. GDPR

You can find GDPR-specific information here: GDPR.