Privacy Policy

This policy was last updated on Oct 31, 2021.

"Fileglass" ("we", "us", "our") is a file sharing platform that operates via our website and API. "You" refers to anybody who has become bound to this policy, whether identified or not at the time.

Upon visiting our website, file.glass (the "Website"), the dashboard, dash.file.glass (the "App") or generally, use any of our services (the "Services", which include the Website and App), we appreciate your trust in Fileglass. The data we collect will be explained here, along with how it's used, and what rights you have related to it. If there are any terms in this privacy policy that you disagree with, please don't use the service.

Automatically Collected Information

Fileglass may automatically collect information:

  • When you visit the website: We do not log user information upon requests to our website. However, in the case that your request is suspicious or you attempt to access a forbidden area, our web security solution will log your IP address and user agent, along with the nature of the request.
  • When you visit the dashboard: We do not log user information upon requests to our dashboard. However, in the case that your request is suspicious or you attempt to access a forbidden area, our web security solution will log your IP address and user agent, along with the nature of the request.

Registrations on the Dashboard

When a new registration is made, we store the specified username, email address, password (hashed password) and the timestamp of the registration.

Hashing is a form of encryption in which data is converted to an unreadable string of characters which is irreversible to its original form.

Logins on the Dashboard

When a user logs in, we store the timestamp associated with the login for security purposes.

File Uploads

When a file is uploaded using the API or the Dashboard, we store the snowflake (User ID), the file uploaded and the timestamp associated with the upload. A unique ID is generated upon uploads to identify and serve the file.

Subsequent to uploading, the file uploaded will be compared against known CSAM signatures, if a match for CSAM is found, the file will be automatically removed and Fileglass developers will be notified. In the event that the file is verified CSAM, a report will be made to NCMEC CyberTipline. Fileglass uses Project Arachnid for CSAM identification. You can learn about Project Arachnid here and NCMEC CyberTipline here.

Link Shortening

When a link is shortened using the API, we store the snowflake (User ID), the link to redirect to and the timestamp associated with the link shorten. A unique ID is generated upon link shortens to identify and redirect the link.

Payment Processing

To process donations within the Dashboard donation page, Fileglass uses Stripe, a third-party payment processor. Upon placing a donation, the cardholder name, donation amount, your username and your account's connected email will be shared with Stripe to identify transactions and send receipts to end-users. Your card number is encrypted and only the last 4 digits is shared with Stripe. Your card number is never sent to our backend and is rather processed directly via Stripe. This information is not public.

Information Disclosure

Aggregate information such as browser/system information, referrers, page visited, duration of visit and country may be disclosed to our analytics service to provide us insights on how users use our services and how we can improve them. Plausible Analytics is used on our landing page and dashboard. You can learn more about Plausible Analytics here. You may learn more about how Plausible processes data by visiting Plausible's information page. If you'd like to opt-out of analytics, you can install extensions such as Google Analytics Opt-out Browser Add-on.

In the event that a subpoena or legal order is issued to Fileglass, your information may be disclosed in order to fulfill any lawful obligations.

No information is disclosed otherwise to any other third-party.

Where Data is Stored and Processed

Fileglass processes user data on all API nodes, which include our North and South America, Europe, Asia and Oceania nodes. All user data is solely stored on our main Frankfurt (Europe) database and is subject to GDPR regulations. All user uploaded content is stored on AWS S3 in the Frankfurt (Europe) region. You can learn how AWS processes data by visiting AWS' Data Compliance Policy.

Web Security

Fileglass uses Cloudflare for web security and DDoS mitigation on our website. All requests to Fileglass websites are proxied via Cloudflare, Cloudflare may collect data to provide mitigation and other services to us. You can learn more about how Cloudflare processes data by visiting Cloudflare's Privacy Policy.

Our API (api.file.glass) is not proxied via Cloudflare and is directly routed to our provider. Fileglass uses Google Cloud Armor for security and DDoS mitigation on our API. Per request, we collect the request URL, request method, user agent, request size and WAF request evaluation.

Data Retention & Deletion

Fileglass retains all collected user data, including uploads, until deleted.

Users may submit a request to [email protected] to ask for a copy of or ask for removal of their data. Upon ensuring ownership of the referenced account, we will process the data request and email the user once the process has been completed.

Minimum Age

Fileglass does not knowingly collect personal information from users under the age of 13 or under the age of digital consent in applicable countries. Fileglass is for users aged 13 and above. If you have reason to believe that a user under the age of 13 or under the age of, when applicable, a countries digital consent, has disclosed personal information to Fileglass, please contact [email protected]. If we determine that we have been collecting personal information from a user as such, we will take steps to ensure that collection of the user's personal information is ceased and all data associated with the user is removed.

Updates to this Privacy Policy

We reserve the right to modify or replace this policy at any time.

Continuing to use our service after the revisions constitutes your agreement to the revised policy. If you do not agree with the new policy, do not use the service.

Contact Us

If you have any general enquiries about this Privacy Policy, you can contact us by email at [email protected].