Pricing P2P Encrypted Chat Desktop App Browser Extension
Upload a file

Privacy Policy

Last Updated: December 30, 2025

1. What We Collect (and why)

FileShot.io is engineered to collect as little data as possible:

  • Account Information: Email address + password (for all registered accounts) so you can log in and receive receipts.
  • Transfer Metadata: Upload ID/file ID, file name, expiration, file size, and download counts—so we can show File Manager and enforce limits.
  • Security Logs: Timestamp, IP, and user agent to prevent abuse and keep our infrastructure healthy.
  • Billing / Payout Metadata (Paid Features): Subscription tier status and payment-related identifiers (processed by Stripe). We do not store full card numbers.

We do not access readable contents of zero-knowledge uploads, sell data to advertisers, or build behavioral profiles.

2. How We Use Information

Any data we store is used solely to:

  • Provide the file-sharing services you request
  • Send optional notifications (ready-to-download emails, expiry reminders)
  • Prevent spam/malware and enforce quotas

3. Zero-Knowledge Encryption & Data Protection

FileShot uses zero-knowledge encryption on all uploads. Your browser generates an encryption key, encrypts the file locally, and uploads only ciphertext. We never see the key and cannot decrypt the file. Download recipients must enter the passphrase you shared directly with them.

What This Means:

  • Your files are safe from unauthorized access and data breaches
  • We can only provide encrypted data that we cannot decrypt
  • If you lose your passphrase, we cannot restore access—this is by design to ensure your privacy

Your privacy is built into our architecture. With zero-knowledge encryption, your data is protected by design, not just by policy.

4. File Storage & Security

We take your data security seriously:

  • Files are stored on private SSD volumes in encrypted buckets
  • Each transfer auto-deletes when its expiration or download cap is reached
  • No shadow backups are kept once a file expires
  • HTTPS encryption for all transfers
  • Secure password hashing for account authentication
  • No data mining—we don't sell your file contents or use them for advertising

Security Scanning: To protect users and prevent abuse, we may run automated checks such as antivirus scanning, file-type validation, blocked/suspicious extension checks, and rate limiting. For standard (non-zero-knowledge) uploads, this may include scanning file contents for malware. For zero-knowledge uploads, we only receive encrypted data (ciphertext) and cannot access readable file contents; enforcement may rely on metadata, file size, upload patterns, and filename/extension-based checks.

5. Data Sharing

We do not sell, trade, or rent your personal information. Your data is yours, and we treat it with the utmost respect.

We may share limited metadata (not file contents) only:

  • To protect our rights or prevent harm
  • With service providers (hosting, email) under strict confidentiality agreements

Zero-Knowledge Files: For files encrypted with zero-knowledge encryption, we cannot share readable content. The encryption key never left your device, so we have no access to the actual file contents.

6. Cookies and Browser Storage

We keep tracking minimal and transparent:

  • Session Cookies: HTTP-only cookies required for login authentication (set by our backend server)
  • Browser Storage: We use localStorage and sessionStorage (not cookies) to store:
    • Theme preference (light/dark mode)
    • Authentication token (for logged-in users)
    • User account information (for logged-in users)
    • Zero-knowledge encryption passwords (stored locally, never sent to server)
    • Affiliate referral code (optional): If you visit FileShot.io using a referral link (e.g., ?ref=CODE), we may store that referrer code in localStorage so it can be applied if you sign up later. We also record a server-side click event for affiliate attribution.
  • Analytics: Server-side analytics for operational insights (page views, usage patterns). No analytics cookies or client-side analytics tracking.

7. Browser Extension

The FileShot browser extension provides quick access to file uploads, screenshots, and media scanning directly from your browser. Here's what the extension does and does not do:

Permissions Used:

  • activeTab: Access the current page only when you click the extension icon—used for screenshots and media scanning
  • contextMenus: Add right-click options for quick uploads
  • storage: Save your preferences (theme, login status) locally in your browser
  • notifications: Show upload success/failure notifications
  • downloads: Download scanned media from webpages
  • clipboardWrite: Copy share links to your clipboard
  • scripting: Inject content scripts for screenshots and media scanning
  • tabs: Detect page navigation for media scanner updates
  • sidePanel: Enable optional sidebar mode

What We DON'T Do:

  • We do not collect your browsing history
  • We do not track which websites you visit
  • We do not sell or share any data with third parties
  • We do not run in the background—the extension only activates when you use it
  • We do not store page content on our servers (media scanning runs locally in your browser)

Files uploaded through the extension follow the same zero-knowledge encryption and privacy protections as files uploaded through the website.

8. Your Rights

You have the right to:

  • Access your account data and file metadata
  • Request a copy of your personal data (data export)
  • Delete your account and all associated data
  • Request deletion of your files
  • Opt-out of email notifications
  • Correct inaccurate personal information

To exercise these rights, please contact us at admin@fileshot.io with your request. We will respond within 30 days.

9. Third-Party Services

We partner with a few infrastructure providers:

  • Cloudflare: Secure CDN + DDoS mitigation.
  • Stripe: Processes paid subscriptions—no card data touches our servers.
  • Email/SMS providers: Deliver optional reminders and login codes.
  • Analytics: Server-side analytics for usage insights only; no client-side analytics cookies.

10. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal data
  • Right to Withdraw Consent: Withdraw consent for data processing at any time

Legal Basis for Processing: We process your data based on:

  • Contractual necessity (to provide file-sharing services)
  • Legitimate interests (security, abuse prevention, service improvement)
  • Your consent (for optional features like email notifications)

Data Retention: We retain your data only as long as necessary to provide our services. Files are automatically deleted upon expiration. Account data is retained until you delete your account or request deletion.

To exercise your GDPR rights, contact us at admin@fileshot.io. You also have the right to lodge a complaint with your local data protection authority.

11. CCPA Compliance (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of what personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

Do Not Sell My Personal Information: FileShot.io does not sell, rent, or trade your personal information to third parties. We do not engage in the sale of personal information as defined by CCPA.

Categories of Personal Information We Collect:

  • Identifiers (email address, IP address)
  • Account information (subscription tier, account preferences)
  • File metadata (file names, sizes, expiration dates—not file contents)
  • Usage data (server-side analytics for operational purposes)

To exercise your CCPA rights, contact us at admin@fileshot.io with "CCPA Request" in the subject line.

12. Children's Privacy

FileShot.io is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child under 13, please contact us immediately at admin@fileshot.io and we will delete such information.

13. Changes to Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically to stay informed about how we protect your information.

14. Contact

For privacy concerns, data requests, or questions about this Privacy Policy, please contact us:

Report Abuse

To report abuse, privacy violations, or illegal content, contact abuse@fileshot.io. We take all reports seriously and investigate promptly in accordance with our Terms of Service and applicable laws.

By using FileShot.io, you acknowledge that you have read and understood this Privacy Policy.