Privacy Policy

Filewisp ("we", "our", or "us") provides a file sharing platform that lets you upload files, generate shareable links with fine-grained access controls, and receive files from others through Vaults. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By using Filewisp you agree to the practices described in this policy. If you do not agree, please discontinue use of the service.

Account information. When you sign up we collect your email address, username, and — if you use a social sign-in provider (GitHub or Google) — the public profile information that provider shares with us, such as your display name and avatar URL.

Files and content. When you upload a file we store its name, size, MIME type, a cryptographic hash of its contents, and the file itself. Metadata you add (display names, descriptions) is also stored.

Usage and billing data. We track how much storage and egress bandwidth you consume, the number of shares and vault uploads you create, and your subscription plan. Billing is handled by Stripe; we store only your Stripe customer and subscription identifiers — never your raw payment card details.

Technical data. We log IP addresses, browser user-agent strings, and action records (such as file deletions and share creations) for security and operational purposes. For files uploaded to your Vault by third parties, we also record the uploader's IP address.

We use the information we collect to:

• Provide, maintain, and improve the Filewisp service.
• Process files using AI to power in-app features such as intelligent search and content understanding. Your files are never used to train AI models from our side.
• Moderate content to detect and act on material that violates our policies and applicable law.
• Compact and optimize files as part of routine storage operations to ensure performance and efficiency.
• Manage your subscription and process billing through Stripe.
• Maintain audit logs for security, fraud prevention, and accountability.
• Send transactional communications (e.g. billing receipts, security alerts).

Files are stored in Supabase's S3-compatible object storage infrastructure. When you delete a file or close your account, the record is initially soft-deleted — it is flagged for removal but may be retained for a period to allow for error recovery and audit purposes before being permanently purged from our systems.

Egress usage counters reset on a rolling 30-day cycle. Audit log records are kept for a reasonable period consistent with our security and legal obligations.

We share information with a limited set of service providers who process data on our behalf:

• Supabase — database hosting, authentication, and object storage.
• Stripe — payment processing and subscription management.
• GitHub / Google — OAuth sign-in, only if you choose to authenticate through these providers.

We do not sell, rent, or trade your personal information to third parties for advertising or any commercial purpose.

When you create a share link, that link — combined with the optional password you set — controls who can access your file. Anyone who obtains the link can view or download the file. Passwords are stored as one-way cryptographic hashes; we cannot recover or display them in plaintext.

Vaults are public-facing pages where anyone can upload files to you. We log the IP address of each anonymous uploader for abuse prevention purposes. Vault uploaders do not need an account and are not otherwise tracked by Filewisp.

We apply technical and organizational measures to protect your data, including Row Level Security (RLS) policies enforced at the database level, one-way password hashing for share and vault access controls, and optional encryption for stored files. Access to production systems is restricted to authorized personnel.

No system is completely immune to attack. If you become aware of a security issue, please report it to support@filewisp.com.

You are in control of your data:

• You can delete individual files and shares at any time from the file manager.
• You can deactivate or revoke share links and Vaults at any time.
• You can request deletion of your account and associated data by contacting us at support@filewisp.com. We will process your request within a reasonable timeframe.

Depending on your jurisdiction you may have additional rights, such as the right to access, correct, or port your personal data. Please contact us to exercise these rights.

Filewisp uses cookies and browser storage exclusively to maintain your authenticated session via Supabase Auth. We do not use third-party advertising cookies, cross-site tracking pixels, or analytics beacons that follow you across the web.

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. For material changes we will notify you via email or a prominent in-app notice. Continued use of Filewisp after a change becomes effective constitutes acceptance of the updated policy.

If you have questions, concerns, or requests related to this Privacy Policy, please reach out to us at:

support@filewisp.com