Privacy Policy

This policy was last updated on Aug 28, 2021.

"Fileglass" ("we", "us", "our") is a file sharing platform that operates via our website and API. "You" refers to anybody who has become bound to this policy, whether identified or not at the time.

Upon visiting our website, file.glass (the "Website"), the dashboard, dash.file.glass (the "App") or generally, use any of our services (the "Services", which include the Website and App), we appreciate your trust in Fileglass. The data we collect will be explained here, along with how it's used, and what rights you have related to it. If there are any terms in this privacy policy that you disagree with, please don't use the service.

Automatically Collected Information

Fileglass may automatically collect information:

  • When you visit the website: We do not log user information upon requests to our website. However, in the case that your request is suspicious or you attempt to access a forbidden area, our web security solution will log your IP address and user agent, along with the nature of the request.
  • When you visit the dashboard: We do not log user information upon requests to our dashboard. However, in the case that your request is suspicious or you attempt to access a forbidden area, our web security solution will log your IP address and user agent, along with the nature of the request.

Registrations on the Dashboard

When a new registration is made, we store the specified username, email address and password (hashed password). The IP address (hashed address) used to register the account is stored to combat against alternate or spam accounts, lastly, the timestamp of the registration is stored.

Hashing is a form of encryption in which data is converted to an unreadable string of characters which is irreversible to its original form.

Logins on the Dashboard

When a user logs in, we store the IP address (hashed address) and the timestamp associated with the login for security purposes.

Hashing is a form of encryption in which data is converted to an unreadable string of characters which is irreversible to its original form.

File Uploads

When a file is uploaded using the API or the Dashboard, we store the IP address, the snowflake (User ID), the file uploaded and the timestamp associated with the upload. A unique ID is generated upon uploads to identify and serve the file.

Subsequent to uploading, the file uploaded will be compared against known CSAM signatures, if a match for CSAM is found, the file will be automatically removed and Fileglass developers will be notified. In the event that the file is verified CSAM, a report will be made to NCMEC CyberTipline. Fileglass uses Project Arachnid for CSAM identification. You can learn about Project Arachnid here and NCMEC CyberTipline here.

Link Shortening

When a link is shortened using the API, we store the IP address, the snowflake (User ID), the link to redirect to and the timestamp associated with the link shorten. A unique ID is generated upon link shortens to identify and redirect the link.

Payment Processing

To process donations within the Dashboard donation page, Fileglass uses Stripe, a third-party payment processor. Upon placing a donation, the cardholder name, donation amount, your username and your account's connected email will be shared with Stripe to identify transactions and send receipts to end-users. Your card number is encrypted and only the last 4 digits is shared with Stripe. Your card number is never sent to our backend and is rather processed directly via Stripe. This information is not public.

Information Disclosure

Limited information such as browser/system information, cookies, and IP addresses for demographics may be disclosed to our analytics services to provide us insights on how users use our services and how we can improve them. Cloudflare Site Analytics is used on our website and Google Universal Analytics is used on our dashboard. You can learn more about Cloudflare Web Analytics here, and Google Universal Analytics here. You may learn more about how Cloudflare and Google process data by visiting Cloudflare's Privacy Policy and Google's Partner Privacy Policy. If you'd like to opt-out of analytics, you can install extensions such as Google Analytics Opt-out Browser Add-on.

In the event that a subpoena or similar is issued to Fileglass, your information may be disclosed in order to fulfill any lawful obligations.

No information is disclosed otherwise to any other third-party.

Where Data is Stored and Processed

Fileglass processes user data on all API nodes which include our Iowa (USA), Frankfurt (Europe), and Sydney (Oceania) nodes. User data is solely stored on our main Iowa (USA) database. All user uploaded media is stored on AWS S3 and Backblaze B2. You can learn how AWS and Backblaze process data by visiting AWS' Data Compliance Policy and Backblaze's Privacy Policy.

Web Security

Fileglass uses Cloudflare for web security and DDoS mitigation. All requests to Fileglass services are proxied via Cloudflare, Cloudflare may collect data to provide mitigation and other services to us. You can learn more about how Cloudflare processes data by visiting Cloudflare's Privacy Policy.

Data Retention & Deletion

Fileglass retains all collected user data, including uploads, until deleted.

Users may submit a request to [email protected] to ask for a copy of or ask for removal of their data. Upon ensuring ownership of the referenced account, we will process the data request and email the user once the process has been completed.

Minimum Age

Fileglass does not knowingly collect personal information from users under the age of 13 or under the age of digital consent in applicable countries. Fileglass is for users aged 13 and above. If you have reason to believe that a user under the age of 13 or under the age of, when applicable, a countries digital consent, has disclosed personal information to Fileglass, please contact [email protected]. If we determine that we have been collecting personal information from a user as such, we will take steps to ensure that collection of the user's personal information is ceased and all data associated with the user is removed.

Updates to this Privacy Policy

We reserve the right to modify or replace this policy at any time.

Continuing to use our service after the revisions constitutes your agreement to the revised policy. If you do not agree with the new policy, do not use the service.

Contact Us

If you have any general enquiries about this Privacy Policy, you can contact us by email at [email protected].