GDPR

We never receive your file content in readable form. Files are encrypted on the sender's device before leaving it. We never receive your decryption keys in usable form. We do not see your biometric data or your passkey private keys.

Account email addresses, file metadata (names, sizes, type, timestamps), recipient email addresses, access events (when a file was opened, from where), and the technical identifiers used by our coherence engine to detect suspicious access patterns. IP addresses are kept in hashed form after 90 days.

Our primary data store and our file relay are hosted in the European Union (Frankfurt and Stockholm AWS regions). Sub-processors outside the EU are listed in our privacy notice; transfers rely on the European Commission's Standard Contractual Clauses.

Under GDPR you have the right to access, rectify, port, restrict, or erase your personal data, and to object to certain processing. You may also lodge a complaint with your local supervisory authority. Send requests to hello@aspisfile.com; we respond within 30 days.

For privacy enquiries, write to hello@aspisfile.com.