Privacy Policy

1. Who we are

VaultTransfer is a secure file transfer service accessible at vaultransfer.com. The data controller is the service operator, reachable at privacy@vaultransfer.com.

2. Data we collect

We collect only the data strictly necessary for the service to function:

• • Email address — only if you choose to register or log in
• • Uploaded files — temporarily, until the link expires
• • Transfer metadata — file name, size, expiry date
• • Payment data — managed by Stripe, we do not store it
• • Technical cookies — necessary for the site to function (user session)
• • Advertising cookies — Google AdSense, only with your explicit consent

3. How we use your data

• • To allow you to upload and share files
• • To manage your account and subscription
• • To send you the magic login link
• • To automatically delete files upon expiry
• • To show contextual advertising (Free users only, with consent only)

4. Cookies and tracking

We use the following types of cookies:

• • Technical cookies — strictly necessary for login and session. Do not require consent.
• • Advertising cookies (Google AdSense) — used to show relevant ads to Free users. Require your explicit consent via the cookie banner.

You can change your cookie preferences at any time by clearing your browser data or contacting us.

5. Data retention

Files are automatically deleted upon link expiry (1, 7, or 30 days) from both the database and storage. Account data is retained while the account is active. You may request deletion of your account at any time by writing to privacy@vaultransfer.com.

6. Third-party sharing

We do not sell your data. We use the following third-party services:

• • Supabase — database and storage (European servers)
• • Vercel — application hosting (US servers with global CDN)
• • Stripe — payment processing (US/EU servers)
• • Google AdSense — contextual advertising (Free users with consent only)
• • Cloudflare — DNS and protection (global servers)

7. Your rights (GDPR)

If you are a resident of the European Union, you have the right to:

• • Access your personal data
• • Rectify inaccurate data
• • Request deletion of your data ("right to be forgotten")
• • Object to processing for advertising purposes
• • Data portability
• • Withdraw consent at any time

To exercise these rights, write to privacy@vaultransfer.com. We will respond within 30 days.

8. Security

All transfers occur over HTTPS encrypted connections with TLS 1.3. Files are stored in private buckets accessible only via temporary signed links. Protection passwords are hashed with bcrypt at 12 rounds. Files cannot be accessed without the unique link.

9. International transfers

Some of our providers (Vercel, Stripe) operate in the United States. Data transfers to the US are carried out in compliance with GDPR guarantees (Standard Contractual Clauses). Database and storage data is hosted in Europe via Supabase.

10. Contact and complaints

For any privacy questions, write to privacy@vaultransfer.com. You also have the right to lodge a complaint with the Italian Data Protection Authority — Garante per la Protezione dei Dati Personali (garanteprivacy.it).