Privacy Policy

The Short Version

We don't collect or store your files. We can't see what you're sharing. We keep minimal logs just to keep the service running. That's it.

If you want the legal details, keep reading.

What We Collect

Files You Transfer

We don't collect these. Period.

Your files go directly from your device to the recipient's device. They never touch our servers. We couldn't access them even if we wanted to - that's the whole point of peer-to-peer transfer.

Connection Metadata

To make the WebRTC connection work, we temporarily store:

• Room codes (random 6-character strings)
• Connection timestamps
• Number of files in the transfer
• File names and sizes (to coordinate the transfer)

This data is automatically deleted after 24 hours, or immediately after the transfer completes - whichever comes first.

Server Logs

Our server keeps basic logs for debugging and preventing abuse:

• IP addresses (hashed after 7 days)
• Timestamps
• Room creation events
• Connection attempts

These logs are kept for 30 days maximum, then deleted.

Analytics

We use minimal analytics to understand how people use ZapFile:

• Page views (no tracking across sites)
• Browser type and OS
• General location (country level, from IP)
• Transfer success/failure rates

We don't use Google Analytics or similar tracking services. Our analytics are self-hosted and don't track individuals.

What We DON'T Collect

• Your files or their contents
• Names or email addresses (we don't have accounts)
• Browsing history
• Anything about you across different sessions
• Third-party cookies or trackers

How We Use Your Data

The minimal data we collect is used to:

• Make the file transfers work (can't avoid this)
• Prevent abuse and spam
• Debug issues when things break
• Understand basic usage patterns (like peak hours)

That's it. We don't sell data, we don't share it with advertisers, we don't use it for marketing.

Cookies

We use exactly one cookie: to remember your dark mode preference.

That's it. It's stored locally in your browser and never sent to our servers.

See our Cookie Policy for more details.

Data Sharing

We don't share your data with anyone, with a few exceptions:

• Legal requirements: If we're legally required to (court order, subpoena, etc.). Though there's not much to share since we don't store files.
• Hosting provider: Our servers run on [hosting provider]. They have access to server logs in the normal course of providing hosting services.

We will never sell your data. Ever. That's not our business model.

Security

All transfers are encrypted using WebRTC's built-in encryption (DTLS/SRTP). This is end-to-end encryption - even we can't decrypt it.

Our servers use HTTPS and standard security practices. But honestly, the best security is that we don't store your files in the first place.

Your Rights

Access your data: Since we don't store personal data or accounts, there's not much to access. But if you want to know what server logs we have for a specific IP address, email us.

Delete your data: Files are never stored. Server logs auto-delete after 30 days. If you want immediate deletion of logs related to a specific IP, email us.

Opt out: Don't use the service. Seriously - we have no accounts, no tracking across sessions, nothing to opt out of beyond just not using ZapFile.

Children's Privacy

We don't collect personal information from anyone, including children. The service works the same regardless of age.

That said, parents should supervise what their kids are sharing online, regardless of the service used.

International Users

ZapFile works worldwide. Your files transfer directly between devices, so location doesn't matter much.

Our servers are located in [location]. If you're in the EU and have concerns about data transfers, note that we collect minimal data and it's automatically deleted quickly.

Changes to This Policy

If we change how we handle data, we'll update this page and note the date at the top.

Big changes? We'll put a notice on the homepage.

Questions?

If something's unclear or you have privacy concerns, email us at [email protected]

We're real people and we'll actually respond.

← Back to Home