Privacy Policy

What we collect

We collect the minimum amount of data needed to provide the service:

• -Account data: Email, hashed password, display name (if set)
• -Discord link: Discord ID and username if you sign in with Discord
• -Uploaded files: File content, original filename, size, MIME type
• -Usage data: Download counts per file

What we don't collect

• -No third-party analytics or tracking scripts
• -No advertising cookies or pixels
• -No browser fingerprinting
• -No selling or sharing data with third parties

How we store data

Files are stored on Cloudflare R2. Account data and metadata are stored in Cloudflare D1 (SQLite). Passwords are hashed with PBKDF2-SHA256 and never stored in plain text. Sessions use signed JWTs stored as secure, HTTP-only cookies.

Two-factor authentication

If you enable 2FA, your TOTP secret is stored encrypted in the database. We use industry-standard TOTP (RFC 6238) compatible with any authenticator app.

Data retention

Anonymous uploads are automatically deleted after 30 days. Account data is kept until you delete your account. When you delete your account, all associated files and data are permanently removed.

Cookies

We use a single session cookie to keep you logged in. That's it. No tracking cookies, no third-party cookies.

Your rights

You can export or delete your data at any time through your account settings. If you need help, reach out via the contact page.

Changes

We'll update this page if our privacy practices change. No sneaky changes — the "last updated" date at the top always reflects the latest version.