Privacy Policy

Last updated: 2026-06-23.

What we collect

• Shared content. The files and text you upload. Files are stored under a random key — never your original filename — and are deleted automatically when the expiry you set passes, or after the first view for view-once links.
• Account (optional). Sharing works without an account. If you create one, we store your email and a hashed password (a salted hash only, never plain text).
• Abuse-prevention data. A salted hash of your IP address (not the IP itself) for rate limiting, plus any abuse reports filed against content.
• Server logs. IP address, user agent, and request paths, kept up to 30 days for security and abuse prevention.

How we use it

To store and serve your shared content for its chosen lifetime, enforce upload limits, prevent abuse, and respond to reports and lawful requests. We do not sell personal data, show third-party advertising, or use your data to train AI models.

Retention & deletion

Shared content is ephemeral: it is removed when its expiry passes or, for view-once links, after the first non-owner view. We do not retain copies after deletion beyond routine, short-lived operational logs and backups.

Who we share it with

• Self-hosted infrastructure — we host the app and store your content in object storage we operate. Your data is not handed to a third-party database, authentication, or hosting provider.
• Product analytics — a third-party analytics provider records anonymous usage events and sets an analytics identifier; it is not used for advertising. Your shared content is not sent to it.
• Error monitoring — when the app hits an error, a diagnostic report (stack trace and request context) is sent to a third-party error-monitoring provider so we can fix it.

Cookies & analytics

Filepoke sets an HttpOnly cookie only when you are signed in to an account. Our analytics provider (above) sets an analytics identifier (in local storage and a cookie) to count visits and measure feature use. We do not use cookies for advertising or cross-site tracking.

Your rights (GDPR / CCPA)

You can delete shared content early by setting a short expiry or using a view-once link; otherwise it auto-deletes. If you have an account, you can access or delete it in the app. To make any other privacy request, email our privacy contact. EU residents may also lodge a complaint with their local supervisory authority.

Children

The service is not directed to children under 13 (or the applicable age of digital consent). We do not knowingly collect personal information from children.