The GDPR was designed to give you, as consumers and citizens, more control over your personal data. Keeping your data private and secure has always been a top-priority here at Filemail - and now we have taken it up another notch. Here is a brief summary of the actions what we have taken in order to be GDPR compliant and at the same time provide you a good service:
- We identified absolutely all personal data that we collect and improved our data retention policies. All data (metadata) related to an anonymous (free) transfer is deleted 180 days after the transfer expires. When a user account expires - we automatically wipe out all personal data about user after 365 days of inactivity. We keep the data for this long to be able to quickly have your account back up and running in case you come back to us with this time. Your transfer data is still deleted 180 days after the transfer expires. Subscription and transaction data are kept for up to 3 years to comply with The Accounting Act which secures that we can track transactions in case of disputes and support cases. After 3 years, the subscription and transaction data will be anonymized.
We use Intercom.io for support and Intercom's data retention policy states that they will automatically expire data on visitors that have not been seen in 9 months.
We use BraintreePayments.com for credit card payments. Your transaction data is kept for 3 years after your account has your account has expired.
- Your files are stored in your region - or where you choose. Transfers uploaded in the EU are stored in the EU. Transfers uploaded in the US are stored in the US - you get the picture. With a Business account you can specify exactly which regions of the world that files may be stored in. We are currently represented in the US, Germany, Spain, Norway, Austria, UK, The Netherlands, Brazil, India and Australia. (Your other data/metadata such as name, email addresses, IP addresses is stored in our core servers which are located in The Netherlands (EU)).
- You can request a data dump of all the information we keep about you. Contact us at email@example.com in order to file such a request.
- You can easily update your own personal information in order to keep it accurate. Go to your profile or company settings to update this.
- You can delete your data (sent files + your entire account) at any given time. You can also ask us to stop processing your data - meaning that we will permanently delete your customer data and all your files.
- We have a PrivacyPolicy that's easy to understand and follow. It is available here.
- We now ask for your consent to process your personal data when you sign up. You can withdraw this consent by contacting firstname.lastname@example.org (or via the Chat).
- We documented all cookies that is used - both internally and also 3rd party cookies. Read more about our cookies here.
- We have formulated a GDPR Data Processing Agreement that you as a customer should sign and return to us at email@example.com. Download the agreement here (PDF).