Your Privacy Matters

Privacy Policy

At Transfilio, we believe transparency is the foundation of trust. This policy explains how we collect, use, and protect your data.

Effective Date: March 1, 2026
Table of Contents
1

Introduction

Welcome to Transfilio (transfilio.com). Transfilio is a business-to-business (B2B) file transfer platform operated by Transfilio, Inc. ("Transfilio," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our application, or engage with our services.

By accessing or using Transfilio, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use our services.

This policy applies to all users of Transfilio, including workspace administrators, team members, and recipients of shared files. For enterprise customers with custom data processing agreements, those agreements will take precedence where applicable.

2

Information We Collect

We collect information necessary to provide, maintain, and improve our file transfer services. The types of information we collect include:

Personal Data

  • Account information: name, email address, company name, job title, and password (hashed)
  • Billing information: payment method details, billing address, and transaction history (processed securely via Stripe)
  • Communications: messages, feedback, and support requests you send to us

Usage Data

  • Activity logs: features used, pages visited, actions taken, and timestamps
  • Transfer analytics: file transfer counts, sizes, success/failure rates, and download activity
  • Performance data: error logs, load times, and service performance metrics

Device Information

  • Technical data: IP address, browser type and version, operating system, and device identifiers
  • Network data: internet service provider, referring URLs, and general geographic location

File Metadata

  • File properties: file names, sizes, types, and checksums (for integrity verification)
  • Transfer metadata: sender/recipient information, share links, expiration dates, and access permissions

Important: We do not access, view, or analyze the contents of your files. File content is encrypted end-to-end and is only accessible to intended recipients.

3

How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery

To provide, operate, and maintain our file transfer platform, including processing uploads, managing shares, and delivering files to recipients.

Product Improvement

To understand how our services are used, identify trends, and improve the user experience, performance, and reliability of our platform.

Communications

To send transactional emails (transfer notifications, security alerts), respond to support requests, and provide service updates.

Security & Compliance

To detect and prevent fraud, abuse, and unauthorized access. To enforce our Terms of Service and comply with legal obligations.

Billing & Payments

To process subscription payments, manage invoices, and handle billing-related inquiries through our payment processor (Stripe).

Analytics & Insights

To generate aggregated, anonymized analytics that help us understand usage patterns and deliver workspace usage dashboards to administrators.

4

Data Storage & Security

We take the security of your data seriously and employ industry-leading measures to protect it at every stage of processing.

Security Measures

AES-256 Encryption

All files encrypted at rest using AES-256-GCM, the same standard used by governments and financial institutions.

TLS 1.3 in Transit

All data transmitted between your device and our servers is protected with TLS 1.3 encryption.

Secure Infrastructure

Hosted on SOC 2 Type II certified cloud infrastructure with physical access controls and 24/7 monitoring.

SOC 2 Preparation

Transfilio is actively pursuing SOC 2 Type II certification, with controls aligned to Trust Services Criteria.

Additional security measures include role-based access controls, audit logging, automated vulnerability scanning, regular penetration testing, and incident response procedures. Passwords are hashed using bcrypt and never stored in plaintext.

5

Data Retention

We retain your information only as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements.

Data Type Retention Period
Account data Duration of account + 30 days after deletion request
Transferred files Per your plan settings (7-90 days), or until manually deleted
Usage & analytics data 24 months, then aggregated or anonymized
Billing records 7 years (as required by tax and accounting regulations)
Audit logs 12 months (or longer for enterprise compliance plans)
Support communications Duration of account + 12 months after closure

When data reaches the end of its retention period, it is securely deleted or irreversibly anonymized. Enterprise customers may negotiate custom retention schedules via their Data Processing Agreement (DPA).

6

Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties. Ever.

We may share your information only in the following limited circumstances:

  • Service Providers: We engage trusted third-party processors who assist in operating our platform (e.g., cloud hosting, payment processing, email delivery, analytics). These providers are contractually bound to handle your data securely and only for the purposes we specify.
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or enforceable governmental request, including to meet national security or law enforcement requirements.
  • Safety & Protection: We may share information when we believe disclosure is necessary to protect the rights, property, or safety of Transfilio, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
  • With Your Consent: We may share your information for any other purpose with your explicit consent.
7

International Data Transfers

Transfilio operates globally, and your information may be transferred to, stored, and processed in countries other than the one in which you reside. These countries may have data protection laws that are different from those in your jurisdiction.

When we transfer personal data across borders, we implement appropriate safeguards to ensure your information remains protected:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA
  • EU-U.S. Data Privacy Framework certification where applicable
  • Data Processing Agreements (DPAs) with all sub-processors requiring equivalent protection
  • Encryption in transit and at rest regardless of data location

Enterprise customers may request data residency options to ensure files and account data are stored within a specific geographic region (e.g., EU-only storage).

8

Your Rights

Depending on your location, you may have certain rights regarding your personal information. We respect and facilitate these rights regardless of where you are based.

GDPR Rights (EEA Residents)

Under the General Data Protection Regulation

Right of Access - Request a copy of your personal data
Right to Rectification - Correct inaccurate personal data
Right to Erasure - Request deletion of your data
Right to Restrict Processing - Limit how we use your data
Right to Data Portability - Receive your data in a portable format
Right to Object - Object to processing based on legitimate interests

CCPA Rights (California Residents)

Under the California Consumer Privacy Act

Right to Know - What personal information we collect and why
Right to Delete - Request deletion of your personal information
Right to Opt-Out - Opt out of the sale of personal information (we do not sell data)
Right to Non-Discrimination - Exercise your rights without penalty

To exercise any of these rights, please contact us at privacy@transfilio.com. We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA). We will never discriminate against you for exercising your privacy rights.

9

Cookies & Tracking

We use cookies and similar technologies to operate our service, remember your preferences, and understand how you interact with our platform.

Cookie Type Purpose
Essential Authentication, session management, CSRF protection, and security tokens. Required for the service to function.
Functional User preferences such as language, theme (dark/light mode), and display settings.
Analytics Anonymous usage statistics to help us understand how our platform is used and identify areas for improvement.

Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies. However, if you disable essential cookies, some features of Transfilio may not function properly. We do not use cookies for advertising purposes and do not participate in third-party advertising networks.

We also use server-side analytics that do not rely on cookies or client-side tracking. This privacy-friendly approach allows us to understand platform usage without invasive tracking technologies.

10

Children's Privacy

Transfilio is a business-to-business service and is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@transfilio.com and we will work to remove it from our systems.

11

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Effective Date" at the top of this policy
  • We will notify account holders via email at least 30 days before significant changes take effect
  • We will provide a summary of changes on our changelog page
  • We will display an in-app notification for logged-in users

Your continued use of Transfilio after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

12

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, we encourage you to reach out. Our privacy team is committed to addressing your inquiries promptly.

Privacy Inquiries

privacy@transfilio.com

General Support

support@transfilio.com

For GDPR-related inquiries, you also have the right to lodge a complaint with your local Data Protection Authority (DPA) if you believe your data protection rights have been violated.