This policy was last updated on Oct 31, 2021.
"Fileglass" ("we", "us", "our") is a file sharing platform that operates via our website and API. "You" refers to anybody who has become bound to this policy, whether identified or not at the time.
Automatically Collected Information
Fileglass may automatically collect information:
- When you visit the website: We do not log user information upon requests to our website. However, in the case that your request is suspicious or you attempt to access a forbidden area, our web security solution will log your IP address and user agent, along with the nature of the request.
- When you visit the dashboard: We do not log user information upon requests to our dashboard. However, in the case that your request is suspicious or you attempt to access a forbidden area, our web security solution will log your IP address and user agent, along with the nature of the request.
Registrations on the Dashboard
When a new registration is made, we store the specified username, email address, password (hashed password) and the timestamp of the registration.
Hashing is a form of encryption in which data is converted to an unreadable string of characters which is irreversible to its original form.
Logins on the Dashboard
When a user logs in, we store the timestamp associated with the login for security purposes.
When a file is uploaded using the API or the Dashboard, we store the snowflake (User ID), the file uploaded and the timestamp associated with the upload. A unique ID is generated upon uploads to identify and serve the file.
Subsequent to uploading, the file uploaded will be compared against known CSAM signatures, if a match for CSAM is found, the file will be automatically removed and Fileglass developers will be notified. In the event that the file is verified CSAM, a report will be made to NCMEC CyberTipline. Fileglass uses Project Arachnid for CSAM identification. You can learn about Project Arachnid here and NCMEC CyberTipline here.
When a link is shortened using the API, we store the snowflake (User ID), the link to redirect to and the timestamp associated with the link shorten. A unique ID is generated upon link shortens to identify and redirect the link.
To process donations within the Dashboard donation page, Fileglass uses Stripe, a third-party payment processor. Upon placing a donation, the cardholder name, donation amount, your username and your account's connected email will be shared with Stripe to identify transactions and send receipts to end-users. Your card number is encrypted and only the last 4 digits is shared with Stripe. Your card number is never sent to our backend and is rather processed directly via Stripe. This information is not public.
Aggregate information such as browser/system information, referrers, page visited, duration of visit and country may be disclosed to our analytics service to provide us insights on how users use our services and how we can improve them. Plausible Analytics is used on our landing page and dashboard. You can learn more about Plausible Analytics here. You may learn more about how Plausible processes data by visiting Plausible's information page. If you'd like to opt-out of analytics, you can install extensions such as Google Analytics Opt-out Browser Add-on.
In the event that a subpoena or legal order is issued to Fileglass, your information may be disclosed in order to fulfill any lawful obligations.
No information is disclosed otherwise to any other third-party.
Where Data is Stored and Processed
Fileglass processes user data on all API nodes, which include our North and South America, Europe, Asia and Oceania nodes. All user data is solely stored on our main Frankfurt (Europe) database and is subject to GDPR regulations. All user uploaded content is stored on AWS S3 in the Frankfurt (Europe) region. You can learn how AWS processes data by visiting AWS' Data Compliance Policy.
Our API (api.file.glass) is not proxied via Cloudflare and is directly routed to our provider. Fileglass uses Google Cloud Armor for security and DDoS mitigation on our API. Per request, we collect the request URL, request method, user agent, request size and WAF request evaluation.
Data Retention & Deletion
Fileglass retains all collected user data, including uploads, until deleted.
Users may submit a request to firstname.lastname@example.org to ask for a copy of or ask for removal of their data. Upon ensuring ownership of the referenced account, we will process the data request and email the user once the process has been completed.
Fileglass does not knowingly collect personal information from users under the age of 13 or under the age of digital consent in applicable countries. Fileglass is for users aged 13 and above. If you have reason to believe that a user under the age of 13 or under the age of, when applicable, a countries digital consent, has disclosed personal information to Fileglass, please contact email@example.com. If we determine that we have been collecting personal information from a user as such, we will take steps to ensure that collection of the user's personal information is ceased and all data associated with the user is removed.
We reserve the right to modify or replace this policy at any time.
Continuing to use our service after the revisions constitutes your agreement to the revised policy. If you do not agree with the new policy, do not use the service.