Last edit date: September 5th, 2015
Since the primary goal of the service is to protect private information, privacy of xfile.io users is our major concern and we take the measures described in this policy to ensure it.
1. Service description
xfile.io is a free online platform enabling users to create messages encrypted with HTTPS in a form of unique single-use URLs (hereinafter Links), which are destroyed after the first access through any browser.
The service does not bear any responsibility for sending the links, since the service does not provide means for transmitting data.
Based on a communication channel the user chooses (email, SMS, instant message, etc.), there may be a risk of interception allowing third parties to become aware of a transmitted URL and resulting in third parties ability to read the user's message.
2. Messages and the contents processing
Each link is generated in the user's browser and never sent as such to the service. Only the sender and recipient cam access to a link, and if it is lost, the massage cannot be recovered.
As far as nothing but a link couples the decryption key and message content together, and xfile.io has no access to the link, there is no way for the service to get the message in any readable format. This ensures that no other people, including xfile.io team, can read the message content.
When the user retrieves the message, its data in the service is deleted and cannot be recovered. When the user doesn't retrieve it within 30 days, the service deletes the message, as if it was marked as read.
XFile.io sysadmin team will do its best to prevent unauthorized access to the site, as well as modification or destruction of users' information. But even in case of unauthorized access, nobody will be able to read users' messages, as in order to decrypt their contents the intruders need to get the links, which are not held by the service.
3. IP addresses processing
Users' IP addresses are not logged, since they are needed only to communicate with xfile.io servers and they are deleted immediately after the communication is no longer required.
4. Pseudonymous data
The user can enter his personal information into a message. Though encrypted, it can be decrypted again, which makes it pseudonymous (personal) data. Note that the service database doesn't allow for identifying the person who created the message, since users' IP addresses are not stored in the database.
The data contained in a message can be decrypted exclusively by the sender and recipient, while the service has no possibility to decrypt and access it, as far as xfile.io is not able to get hold of decryption key contained in a link.
The service will not be liable for content of messages. The responsibility rests with the person using the link.
6. Information Disclosure
The service ensures that no users' information is shared with or sold to third parties, as well as it is not used otherwise than described in the policy.
Persistent cookies are used exclusively to provide users with the possibility to command the services in a preferred language. If cookies are disabled, the URL hiding process cannot be implemented and the service will fail to function. Once the message is erased, the cookies are removed.
8. Policy Validity
Note that some amendments can be introduced to the policy, which will be published on this page. In case the changes turn out to be substantial, which is unlikely, a noticeable post will be made on the home page. Users can identify the latest version through its effective date specified at the top of the page.
9. Contact Details
Regarding any questions about this policy or other privacy issues, please contact us via firstname.lastname@example.org