Home
Legal

Privacy Policy

Effective April 18, 2026

1. Information We Collect

We collect information in the following ways:

  • Account information — When you sign up via Google OAuth or email magic link, we receive your name and email address. We do not store passwords.
  • Files you upload — We store the files you upload on Cloudflare R2 storage to provide the Service. We do not access, scan, or analyze your file contents.
  • Usage data — We collect basic analytics such as file view counts, download counts, and storage usage to provide dashboard features and enforce plan limits.
  • Technical data — Standard server logs including IP addresses, browser type, and request timestamps. These are retained for security and debugging purposes.

2. How We Use Your Data

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions via Stripe
  • Display file analytics on your dashboard
  • Enforce storage limits and usage quotas
  • Send essential service communications (never marketing without consent)
  • Detect and prevent abuse, fraud, or security threats

3. Analytics

We use PostHog for product analytics to understand how features are used and improve the Service. PostHog is configured to respect Do Not Track browser settings. We do not use analytics data for advertising or sell it to third parties.

4. Data Sharing

We do not sell your personal data. We share information only with:

  • Cloudflare — Infrastructure provider for file storage (R2), database (D1), and content delivery
  • Stripe — Payment processing for subscriptions. Stripe's use of your data is governed by their own privacy policy
  • PostHog — Product analytics, configured with privacy-preserving defaults

We may also disclose information when required by law or to protect the rights and safety of our users and the Service.

5. File Privacy

Files you upload are stored on Cloudflare R2. Each file receives a unique URL. Files shared via link are accessible to anyone with that link — there is no additional password protection unless you restrict access yourself.

We do not scan, index, or analyze the contents of your files. Your files are your own.

6. Custom Subdomains

When you use a custom subdomain (e.g., brand.zenfiles.xyz), files shared through that subdomain may be publicly accessible. The subdomain itself is visible to anyone who accesses a shared link.

7. Data Retention

We retain your account data and files as long as your account is active. When you delete your account, all associated files and personal data are permanently removed from our systems within 30 days. Server logs are retained for a maximum of 90 days.

8. Cookies

We use essential session cookies to maintain your login state. We do not use advertising cookies or third-party tracking cookies. PostHog may set a first-party analytics cookie, which respects your Do Not Track preference.

9. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Delete your account and all associated data
  • Export your files at any time
  • Object to data processing where applicable under your local law

To exercise any of these rights, contact us at privacy@zenfiles.xyz.

10. Security

We implement industry-standard security measures including encrypted connections (TLS), secure authentication flows (OAuth / magic links — no stored passwords), and isolated infrastructure on Cloudflare's global network. While no system is perfectly secure, we take reasonable steps to protect your data.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice in the Service. Continued use after changes constitutes acceptance of the updated policy.

12. Contact

Questions or concerns? Reach us at privacy@zenfiles.xyz.