Privacy Policy

FileDue collects the information needed to create, activate, and deliver payment-gated file delivery links.

• Account and session data: email address, authentication records, session tokens, and basic session metadata such as IP address and user agent. Sessions are managed using secure httpOnly cookies that are not accessible to browser scripts.
• Stripe account data: your Stripe account ID, onboarding status, and payout capability status. We do not store full payment card numbers or any other card data.
• Delivery data: file names, file sizes, delivery amounts, currencies, delivery notes, and link status history.
• Payment data: amount, currency, Stripe payment intent identifiers, and transaction timestamps. Card processing is handled entirely by Stripe.
• Uploaded files: files you upload are stored securely in Cloudflare R2 and made available for download only after successful client payment. Files are automatically deleted 30 days after payment is received.

We use your data to operate the service you requested and to protect the product from abuse.

• To authenticate you by one-time email code and maintain your session.
• To store and deliver your uploaded files securely behind a payment gate.
• To process client payments via Stripe and unlock files upon confirmation.
• To calculate and collect our platform fee via Stripe Connect.
• To troubleshoot failures, prevent misuse, and provide support.
• To collect optional product feedback when you choose to submit it via our feedback form.

We do not sell your data, share it with advertisers, or use it for any purpose beyond operating and improving FileDue.

FileDue stores uploaded files temporarily as part of the delivery workflow.

• Uploaded files are stored in Cloudflare R2 and locked until client payment is confirmed.
• Files are automatically and permanently deleted 30 days after payment is received.
• Unactivated delivery links and their associated files are deleted automatically after 30 days.
• Draft files are deleted when a draft is discarded or replaced.
• You are responsible for retaining your own copies of files you deliver. We cannot recover deleted files.

Each delivery link is unique and tied to a specific set of files and a specific price.

• Files are accessible only to clients who have completed payment through the delivery link.
• You are responsible for deciding who receives a delivery link.
• We are not responsible for access caused by forwarding, copying, or publishing a valid link.
• If a link is shared unintentionally, contact us at support@filedue.com and we can deactivate it.

FileDue stores data on infrastructure located in the European Union.

• Application database: Neon, EU region.
• File storage: Cloudflare R2, EU bucket for EUR transactions, US bucket for USD transactions.
• Email delivery: Resend, EU infrastructure.
• Error monitoring: Sentry, EU region.

Exceptions: the following providers may process data on infrastructure outside the EU:

• Stripe: payment data during transaction processing. Stripe is certified under the EU-U.S. Data Privacy Framework and incorporates Standard Contractual Clauses as an additional transfer safeguard. See stripe.com/legal/data-privacy-framework for details.
• Tally: feedback form submissions.

For each, please refer to their respective privacy policies for details on data handling and residency.

We retain your data for as long as your account is active.

• Delivery records and metadata: retained until you delete the delivery or request account deletion.
• Uploaded files: automatically deleted 30 days after payment. Cannot be recovered after deletion.
• Email address and session data: retained until you request account deletion.
• Payment records: retained for 7 years as required by applicable financial regulations.

Billing and transactional messaging are handled by specialist providers.

Stripe processes all payments via Stripe Connect. Your client's card details are entered directly into Stripe's interface and are never stored by FileDue. Payments go directly to your connected Stripe account minus our platform fee. See stripe.com/privacy.

Resend is used to send sign-in codes and service emails such as delivery confirmations.

We use third-party infrastructure to operate FileDue. Depending on the feature you use, your data may be processed by one or more of the following:

• Neon — application database hosting (EU)
• Cloudflare R2 — file storage (EU and US)
• Stripe — payment processing (may process outside EU)
• Resend — email delivery (EU)
• Sentry — error monitoring (EU)
• Tally — feedback collection form (may process outside EU)

We do not share your data with any provider beyond those listed above.

FileDue is intended for professional use by individuals aged 16 and over. We do not knowingly collect data from anyone under 16. If you believe a person under 16 has created an account, contact us and we will delete it.

If you are located in the European Union or European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including the right to access, correct, or delete personal data we hold about you, and the right to object to or restrict certain processing.

To exercise any of these rights, or if you believe a delivery link was exposed unintentionally, contact us at support@filedue.com.

We will respond to requests within 30 days. For complex requests we may extend this by a further 60 days and will notify you if we do so.