Privacy Policy

This Privacy Policy explains what data Zippd (operated by [Legal Entity Name — REPLACE]) collects, why, how it’s used, and what choices you have. It applies to the website and Service at zippd.io.

1. Our zero-knowledge architecture

Files uploaded through Zippd are encrypted in your browser using AES-256-GCM before they leave your device. The encryption key is generated client-side and embedded only in the URL fragment (the part of the link after #), which browsers do not transmit to servers. We do not have the technical ability to decrypt or inspect the contents of files stored on our infrastructure. This applies to file content, original filenames, MIME types, and original plaintext sizes — all of which are encrypted client-side.

2. What we store

For every uploaded file we keep:

• A random public identifier (used in the share URL)
• A random storage key (used to address the object on our storage provider)
• The ciphertext size in bytes
• An expiry timestamp
• An opaque base64 ciphertext blob containing the file’s encrypted metadata (filename, MIME, plaintext size). We cannot decrypt this without the URL fragment.
• A keyed HMAC-SHA256 hash of the uploader’s IP address (not the IP itself), used solely for rate-limiting and abuse prevention.
• For registered Users: the user’s account ID linkage to the file.
• The encrypted file ciphertext, stored with our storage provider (currently Wasabi / S3-compatible).

3. What we collect from registered Users

If you create an account, we collect:

• Email address (required for password reset).
• A display name (optional).
• A bcrypt-hashed password (the plaintext is never stored or logged).
• Account creation and last-login timestamps.

We do not require email verification. We deliberately collect the minimum information needed to operate the Service.

4. What we do not collect

• Plaintext IP addresses (we store only HMAC-hashed identifiers).
• Geolocation data.
• File contents, filenames, or any decrypted material.
• Third-party analytics that profile or track individual Users across sites.
• Marketing or advertising profiles of registered Users.

5. Cookies

The Service uses two functional cookies:

• zippd-session — required for login and CSRF protection on registered accounts.
• XSRF-TOKEN — a CSRF token used by all browser API calls.

We do not set advertising or cross-site tracking cookies. If you have configured an ad slot or analytics tag via the admin panel, those may set additional cookies governed by their own privacy policies.

6. Server logs

Our web server may retain access logs for up to 30 days. Logs include: hashed-IP identifier, timestamp, request path, user-agent string, response status. Logs are used solely for security, debugging, and abuse mitigation, and are purged automatically.

7. Third parties

• Storage: Encrypted file ciphertext is stored with Wasabi Technologies (an S3-compatible storage provider). Wasabi receives only ciphertext, never plaintext or keys.
• Database hosting: Hosted on our own server at [Hosting Provider — REPLACE].
• Email: Outbound transactional email (password reset) is delivered via [Email Provider or “none configured” — REPLACE].
• Ads / analytics: If you encounter advertising on the Service, the ad network (e.g. Google AdSense) may collect its own data subject to its own policy. Where required by your jurisdiction, a consent banner is displayed before such third-party content is loaded.

8. Data retention

• Files: deleted automatically after their TTL expires (7 days for anonymous, 30 days for registered, configurable per upload). A scheduled job runs hourly to remove expired ciphertext.
• Server logs: 30 days.
• Registered accounts: retained until you request deletion.
• DMCA reports: retained indefinitely for legal-record purposes.

9. Your rights (EU / UK / California Users)

If you are located in the EU, UK, or California, you have certain rights under the GDPR, UK GDPR, and CCPA respectively, including the right to:

• Access the personal data we hold about you;
• Request correction or deletion;
• Restrict or object to processing;
• Data portability;
• Lodge a complaint with a supervisory authority.

To exercise any of these rights, email our contact form (category Privacy / GDPR). Note that because of our zero-knowledge architecture, we cannot identify which files belong to which person from an email address alone — we can only act on data tied to your registered account.

10. International transfers

Our storage and servers are located in [Region — REPLACE, e.g. “the European Union (Frankfurt, Germany)”]. By using the Service, you consent to your data being transferred to and processed in that region.

11. Security

We implement encryption in transit (HTTPS) and at rest (Wasabi server-side encryption, in addition to our client-side AES-GCM). Passwords are stored as bcrypt hashes. We make a good-faith effort to secure the Service but cannot guarantee that no breach will occur. If a breach occurs, we will notify affected Users in accordance with applicable law.

12. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, contact our contact form (category Privacy / GDPR) and we will delete it.

13. Changes

We may update this Privacy Policy from time to time. The “Last updated” date indicates when it was last changed. Material changes will be highlighted on this page for at least 30 days.

14. Contact

Privacy questions: our contact form (category Privacy / GDPR)
Data Protection Officer (if appointed): [Name — REPLACE or remove]