Privacy Policy

Last Updated: October 7, 2025

Our Commitment to Your Privacy

At FileGate, we believe privacy is a fundamental right, not a luxury. This Privacy Policy explains what data we collect, why we collect it, and what we do (and don't do) with it.

We're committed to transparency and minimal data collection. We do not track you, sell your data, train AI models on your files, or send you marketing emails. If you have questions, email us at legal@filegate.io - we're here to help.

1. Who We Are

FileGate is operated by Refactor Projects, LLC, a company registered in Oregon, United States. Our address is:

5441 S Macadam Ave Ste N
Portland, Oregon 97239
United States

For all privacy-related questions, contact us at legal@filegate.io.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Your email address (used for authentication)
  • Account creation date
  • Authentication codes (temporary, expire after 5 minutes)

File Metadata

When you upload files, we collect metadata about them (but not the file contents for analysis purposes):

  • Filename
  • File size
  • Content type (MIME type)
  • Upload timestamp
  • Share settings (passwords, email access lists, expiration dates)
  • Storage location (Cloudflare R2 blob key)

Payment Information

All users provide payment information during account setup:

  • Payment processing handled by Stripe (we do not store credit card numbers)
  • Card verification during account creation (not charged for 30 days)
  • Billing history and invoices
  • Storage usage metrics for billing calculations
  • Stripe customer ID and subscription ID

Server Logs (Minimal)

Our servers automatically collect limited technical information:

  • IP addresses (for security and abuse prevention)
  • Request timestamps
  • HTTP request details (method, path, status code)
  • Error logs for troubleshooting

Server logs are retained for at least 30 days.

What We DON'T Collect

Unlike most web services, we explicitly do not collect:

  • Cookies (except essential session management)
  • Tracking pixels or web beacons
  • Behavioral analytics or usage patterns
  • Browser fingerprints
  • Social media profile information
  • Location data beyond IP address
  • Device identifiers

3. How We Use Your Information

Primary Uses

We use your information only to provide and improve FileGate:

  • Authenticate your account (email-based authentication codes)
  • Store and deliver your files
  • Process payments (Pro tier)
  • Enforce access controls (passwords, email verification)
  • Prevent abuse and maintain security
  • Comply with legal obligations
  • Communicate essential service information (not marketing)

Content Scanning

We reserve the right to scan files for malware and child sexual abuse material (CSAM) at our discretion using automated tools. This scanning is done solely for security and legal compliance purposes.

We do not manually review file contents except when legally required (e.g., valid court order) or in response to specific abuse reports.

What We DON'T Do

We explicitly commit to NOT using your information for:

  • Advertising or marketing profiling
  • Cross-site tracking or behavioral analysis
  • Training AI or machine learning models
  • Selling, renting, or sharing with data brokers
  • Building user profiles for any purpose beyond service delivery

4. Information Sharing and Disclosure

Service Providers

We share limited data with trusted third-party service providers necessary to operate FileGate:

  • Cloudflare R2: File storage (subject to Cloudflare's privacy policy and data processing agreement)
  • Amazon Web Services (AWS): Infrastructure hosting, database (DynamoDB), and email delivery (SES)
  • Stripe: Payment processing for Pro accounts (subject to Stripe's privacy policy)

All service providers are contractually obligated to protect your data and use it only for providing their services to us.

Legal Requirements

We may disclose information when legally required:

  • Valid subpoenas or court orders
  • Legal process requiring disclosure
  • National security requests (with commitment to transparency reports)
  • Emergency situations involving imminent harm
  • DMCA copyright infringement claims

We will notify affected users of legal requests unless prohibited by law.

What We NEVER Do

We will never:

  • Sell or rent your personal information
  • Share your data with advertisers
  • Provide your information to data brokers
  • Use your data for marketing purposes
  • Share your files or metadata except as described in this policy

5. Data Security

We implement industry-standard security measures:

  • Encryption in transit: All data transmitted via HTTPS/TLS
  • Encryption at rest: Files encrypted by Cloudflare R2
  • Access controls: Email-based authentication with temporary codes
  • Short-lived URLs: Download links expire after 15 seconds
  • Security updates: Regular patching and monitoring
  • Breach notification: We will notify affected users within 72 hours of discovering a breach

Security Limitations

No system is 100% secure. You are responsible for:

  • Keeping your email account secure
  • Not sharing authentication codes
  • Using strong share passwords when applicable
  • Understanding that FileGate is not a backup service

6. Data Retention and Deletion

Active Accounts

  • Files retained until you delete them or set a custom expiration date
  • You control file retention through share expiration settings
  • Account data retained until account deletion or suspension

Suspended Accounts

  • After grace period (48 hours), all files are permanently deleted
  • Share metadata is archived for records (name, gates, timestamps only)
  • Archived share data retained until account deletion

Account Deletion

When you delete your account:

  • All files are permanently deleted within 30 days
  • Share metadata (including archived shares) is deleted within 30 days
  • Email address and payment history retained for 7 years for tax and legal compliance
  • Server logs containing your IP address retained for at least 30 days

Backups

Deleted data may persist in backups for up to 90 days before being overwritten. Backups are encrypted and not used for data recovery except in emergency situations.

7. International Data Transfers and Storage

Your data may be stored and processed in the United States and other countries where our service providers operate, including:

  • United States (primary data center locations)
  • Countries where Cloudflare operates edge networks

Legal Basis for Transfers

If you are located in the European Union or other regions with data transfer restrictions:

  • We rely on Standard Contractual Clauses (SCCs) with our service providers
  • Your use of FileGate constitutes consent to international data transfers
  • We ensure service providers meet GDPR adequacy requirements

8. Your Privacy Rights

Rights for All Users

You have the right to:

  • Access: Request a copy of your personal data
  • Correct: Update inaccurate information
  • Delete: Close your account and delete your data
  • Export: Download your files at any time
  • Restrict: Limit how we process your data (within service constraints)

GDPR Rights (European Union Users)

If you are in the EU, you have additional rights under the General Data Protection Regulation:

  • Right to access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure / "right to be forgotten" (Article 17)
  • Right to restrict processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Right to withdraw consent
  • Right to lodge a complaint with your national data protection authority

CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale (not applicable - we don't sell data)
  • Right to non-discrimination for exercising your rights

Oregon Consumer Privacy Act Rights

Oregon residents have similar rights to GDPR and CCPA, including:

  • Right to access and portability
  • Right to correction
  • Right to deletion
  • Right to opt-out of targeted advertising (not applicable - we don't advertise)

How to Exercise Your Rights

To exercise any of these rights, email us at legal@filegate.io with your request. We will respond within:

  • 30 days for GDPR requests
  • 45 days for CCPA requests
  • Reasonable timeframe for other requests

We may ask you to verify your identity before fulfilling requests.

9. Children's Privacy

FileGate is not intended for users under 16 years of age. We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, contact us at legal@filegate.io and we will delete it promptly.

10. Cookies and Tracking Technologies

What We Use

FileGate uses minimal tracking technologies:

  • Essential cookies: Session management for authentication (required for service to function)
  • No analytics cookies: We do not track your behavior
  • No advertising cookies: We don't serve ads
  • No third-party tracking: No social media pixels or advertising trackers

Browser Settings

You can configure your browser to reject cookies, but this will prevent you from staying logged in to FileGate. Our service requires essential session cookies to function.

11. Email Communications

Transactional Emails (Required)

We send essential emails necessary for service operation:

  • Authentication codes for login
  • Share access notifications (if you enable them)
  • Billing notifications
  • Payment receipts and invoices
  • Security alerts (e.g., unusual activity)
  • Updates to Terms of Service or Privacy Policy

No Marketing Emails

We do not send promotional or marketing emails. We will never share your email address with third parties for marketing purposes.

Email Preferences

You can disable optional notifications in your account settings. You cannot opt-out of critical account or security-related emails.

12. Third-Party Links

Files shared through FileGate may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies only to information collected by FileGate.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will email you at your registered email address
  • We will provide 30 days' notice before changes take effect
  • We will update the "Last Updated" date at the top of this page

Continued use of FileGate after changes take effect constitutes acceptance of the updated policy. If you don't agree to changes, you should close your account before the effective date.

14. Data Protection Officer

For questions about this Privacy Policy, data processing, or to exercise your privacy rights, contact us at:

Email: legal@filegate.io
Postal Address:
Refactor Projects, LLC
5441 S Macadam Ave Ste N
Portland, Oregon 97239
United States

15. Additional Information for EU Users

If you are in the European Union, additional information about our data processing:

Legal Basis for Processing

  • Contract performance: Processing necessary to provide FileGate service
  • Legitimate interest: Security monitoring, abuse prevention
  • Legal obligation: Compliance with laws and regulations
  • Consent: Optional features you explicitly enable

Data Controller

Refactor Projects, LLC is the data controller for your personal information.

Supervisory Authority

If you are unhappy with how we handle your data, you have the right to lodge a complaint with your national data protection supervisory authority.