Privacy policy
What SecureTransfer collects, what remains encrypted, and what the server can and cannot access.
SecureTransfer is designed so file contents are encrypted before upload. We cannot read your files because the decryption key is not sent to our server.
Data processed
- Encrypted file blobs.
- Transfer metadata: size, file count, expiry, download count, view count, and configured download limits.
- Sender email if provided.
- Recipient emails if provided.
- Payment data handled through Stripe for paid transfers.
- Basic server, operational, and security logs.
Data not processed in plaintext
- File contents.
- Text share contents.
- Key/value share contents.
- Decryption keys.
Retention
Transfers expire automatically based on the selected expiry. Files may be deleted when a transfer expires, is deleted, or becomes unavailable after a configured download limit is reached.
Expired transfers are scheduled for deletion by automated cleanup. Operational backups and logs may have separate retention periods for reliability and security.
Third parties
- Cloudflare R2 is used for encrypted storage.
- Stripe is used for paid transfers.
- An email provider/API may be used for sender and recipient notifications.
If privacy-friendly analytics are enabled, they are used only to understand aggregate usage and do not include file names, contents, emails, share links, or decryption keys.
Contact
For privacy questions, contact Clevero AB through clevero.se.