Contents
8fs.io is operated by 8fs ("we," "us," or "our"). We are the data controller for personal data collected through the Service. Our contact for privacy matters is privacy@8fs.io.
When you create an account we collect:
When you use the Service we collect:
When a Recipient opens a Delivery Link we may collect:
We do not create profiles of Recipients. We do not use Recipient data for advertising. Recipients do not need an account and we do not contact them unless they initiate contact with us.
For all users of the Service, we may collect:
If you contact us by email or use any contact form, we retain the contents of that communication to respond to your query.
| Purpose | Data used |
|---|---|
| Providing the Service (storing and delivering files) | Account data, file content, file metadata |
| Authentication and account management | Account data |
| Billing and subscription management | Account data, payment data |
| Transactional emails (upload confirmation, download notifications, trial reminders) | Account email |
| Security, abuse prevention, and rate limiting | IP addresses, file hashes, request metadata |
| File integrity verification | File hash (SHA-256), upload timestamp |
| Service improvements and bug fixing | Usage data, technical data, error logs |
| Legal compliance and responding to lawful requests | All data categories as required |
We do not sell your personal data. We do not use your data or file contents for advertising or marketing to third parties.
If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal data on the following legal bases:
We use the following third-party services to operate the Service. Each is bound by contractual data protection obligations.
| Provider | Purpose | Location | Privacy policy |
|---|---|---|---|
| Cloudflare, Inc. | Infrastructure, CDN, file storage (R2), compute (Workers), DNS | USA (global CDN) | cloudflare.com/privacypolicy |
| Clerk, Inc. | User authentication and session management | USA | clerk.com/privacy |
| Resend, Inc. | Transactional email delivery | USA | resend.com/privacy |
We do not share your personal data with any other third party except: (a) as described in this policy; (b) with your explicit consent; (c) to comply with a legal obligation or valid court order; or (d) to protect the rights, property, or safety of 8fs, our users, or others.
In the event of a merger, acquisition, or sale of substantially all of our assets, personal data held by us may be transferred to the acquiring entity, subject to the same protections described in this policy.
| Data type | Retention period |
|---|---|
| Uploaded files | Until expiry as set by the uploader (2 hours to 90 days). Deleted automatically on expiry. |
| File metadata and hashes | 30 days after file expiry, then deleted. |
| Account data | For the life of the account plus 90 days after deletion. |
| Billing records | 7 years (as required for tax and accounting purposes). |
| Abuse and security logs | 90 days. |
| Email communications | 2 years from the last communication. |
You may request deletion of your account and associated personal data at any time by emailing privacy@8fs.io. Billing records may be retained as required by law regardless of account deletion.
We are a globally accessible service. Your data may be stored and processed in countries outside your country of residence, including the United States, where our primary infrastructure providers (Cloudflare, Clerk, Resend) operate.
Where we transfer personal data from the EEA, UK, or Switzerland to countries without an adequacy decision, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) or equivalent mechanisms as required by applicable law. You may request a copy of applicable transfer mechanisms by contacting privacy@8fs.io.
If you are located in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:
To exercise these rights, email privacy@8fs.io. We will respond within 30 days. We may ask you to verify your identity before acting on a request.
You also have the right to lodge a complaint with your local data protection authority.
If you are a California resident, you have the right to: (a) know what personal information we collect and how it is used; (b) request deletion of your personal information; (c) opt out of the sale of your personal information (we do not sell personal information); and (d) non-discrimination for exercising your privacy rights.
To submit a CCPA request, email privacy@8fs.io with "CCPA Request" in the subject line.
The dashboard application (app.8fs.io) uses cookies and similar technologies for the following purposes:
The public landing page (8fs.io) and delivery pages (8fs.io/d/*) do not set tracking or advertising cookies. We do not use third-party advertising networks or cross-site tracking technologies.
Cloudflare may set a __cf_bm cookie on our domains for bot management purposes. This is a security cookie and does not track you across other websites.
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us at privacy@8fs.io and we will delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes by email or by posting a notice in the dashboard at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
For questions, data requests, or complaints about how we handle your personal data:
We aim to acknowledge all enquiries within 5 business days and to resolve them within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority.