Privacy Policy

Last updated: [DATE]

1. Introduction

FileGuardian ("we," "us," or "our") is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This Privacy Policy explains how we collect, use, process, and protect your personal data when you use our secure document collection platform.

2. Data Controller Information

Data Controller:
FileGuardian
hello@fileguardian.co.uk

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Company information
  • Payment information (processed by Paddle)
  • Account credentials and authentication data

3.2 Contact Information

You may add contact details including:

  • Contact names
  • Email addresses
  • Phone numbers
  • Company names

3.3 Usage Data

We automatically collect:

  • IP addresses and device information
  • Browser type and version
  • Pages visited and time spent on our platform
  • Request timestamps and access logs
  • Technical data for service optimization

3.4 Documents and Files

  • Documents uploaded through our platform by your contacts
  • Metadata associated with uploaded files
  • Communication logs related to document requests

3.5 Communication Data

  • Support correspondence
  • Email communications related to our service
  • Notification preferences

4. Legal Basis for Processing

We process your personal data under the following legal bases:

4.1 Contract Performance (Article 6(1)(b) GDPR)

  • Providing our document collection services
  • Managing your account and subscription
  • Processing payments

4.2 Legitimate Interests (Article 6(1)(f) GDPR)

  • Platform security and fraud prevention
  • Service improvement and optimization
  • Customer support
  • Business analytics (anonymized where possible)

4.3 Legal Obligation (Article 6(1)(c) GDPR)

  • Compliance with tax and accounting requirements
  • Responding to legal requests
  • Regulatory compliance

4.4 Consent (Article 6(1)(a) GDPR)

  • Marketing communications (where required)
  • Optional features requiring explicit consent

5. How We Use Your Data

5.1 Service Provision

  • Creating and managing your account
  • Generating secure upload links
  • Facilitating document collection
  • Providing customer support
  • Processing payments through Paddle

5.2 Communication

  • Sending service-related notifications
  • Providing customer support
  • Sharing important account updates
  • Marketing communications (with consent)

5.3 Security and Compliance

  • Monitoring for security threats
  • Preventing fraud and abuse
  • Maintaining audit logs
  • Ensuring GDPR compliance

5.4 Service Improvement

  • Analyzing usage patterns (anonymized)
  • Developing new features
  • Optimizing platform performance

6. Data Sharing and Disclosure

6.1 Third-Party Service Providers

We share limited data with trusted providers:

Paddle (Payment Processing)

  • Payment information and transaction data
  • Subject to Paddle's privacy policy and GDPR compliance

Infrastructure Providers

  • Technical data necessary for hosting and security
  • All providers are EU-based and GDPR-compliant

6.2 Legal Requirements

We may disclose data when required by:

  • Court orders or legal processes
  • Law enforcement requests
  • Regulatory investigations
  • Protection of our rights or others' safety

6.3 Business Transfers

In the event of a merger, acquisition, or sale, personal data may be transferred to the new entity, subject to the same privacy protections.

7. Data Storage and Security

7.1 Location

  • All data is stored exclusively within the European Union
  • Our servers and data centers are located in Germany
  • No data transfers occur outside the EU/EEA

7.2 Security Measures

  • End-to-end encryption for document transmission
  • Encrypted data storage
  • Regular security audits and assessments
  • Access controls and authentication measures
  • Employee training on data protection

7.3 Data Retention

  • Account data: Retained while your account is active plus 1 year after closure
  • Legal compliance data: As required by applicable laws

8. Your Rights Under GDPR

8.1 Right of Access (Article 15)

You can request a copy of all personal data we hold about you.

8.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete data.

8.3 Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances.

8.4 Right to Restrict Processing (Article 18)

You can request that we limit how we process your data.

8.5 Right to Data Portability (Article 20)

You can request your data in a portable format.

8.6 Right to Object (Article 21)

You can object to processing based on legitimate interests.

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

8.8 Right to Lodge a Complaint

You can file a complaint with your local data protection authority.

9. Exercising Your Rights

To exercise your rights:

  1. Send a request to hello@fileguardian.co.uk
  2. Include your full name and account email
  3. Specify which right you wish to exercise
  4. Provide any relevant details

We will respond within 30 days of receiving your request.

10. Cookies and Tracking

10.1 Essential Cookies

We use necessary cookies for:

  • Account authentication
  • Security features
  • Basic functionality

10.2 Analytics Cookies

With your consent, we use analytics cookies to:

  • Understand platform usage
  • Improve our services
  • Generate anonymized statistics

10.3 Cookie Management

You can manage cookie preferences through your browser settings or our cookie preference center.

11. International Transfers

We do not transfer personal data outside the EU/EEA. All processing occurs within the European Union using GDPR-compliant infrastructure.

12. Children's Privacy

Our service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16.

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours
  • We will inform affected individuals without undue delay
  • We will provide clear information about the breach and our response

14. Updates to This Policy

We may update this Privacy Policy to reflect:

  • Changes in our practices
  • Legal or regulatory requirements
  • Service enhancements

We will notify you of material changes via email or platform notification at least 30 days before they take effect.

15. Contact Information

15.1 General Privacy Questions

Email: hello@fileguardian.co.uk

15.2 Supervisory Authority

If you're unsatisfied with our response to your privacy concerns, you can contact your local data protection authority.

16. Specific Provisions for Business Customers

16.1 Controller-Controller Relationship

When you use our platform to collect documents from your customers, you and we act as separate data controllers for the personal data processed.

16.2 Your Responsibilities

You must:

  • Ensure lawful basis for collecting personal data
  • Provide appropriate privacy notices to your customers
  • Respect individuals' rights regarding their data
  • Comply with applicable data protection laws

16.3 Our Role

We process documents and related data solely to provide our secure collection service and maintain platform security.

This Privacy Policy is effective as of 10th July 2025 and supersede all previous versions.