1 Information We Collect
We collect the minimum data necessary to provide our service:
| Data Type | What We Collect | Why |
|---|---|---|
| Account | Username, email, hashed password | Authentication & account management |
| Files | Uploaded file content & metadata | Providing the transfer service |
| Usage | IP address, browser type, pages visited | Security, abuse prevention, analytics |
| Google OAuth | Email, name, profile picture (if you sign in with Google) | Authentication only |
2 How We Use Your Information
We use your data only for the following purposes:
- To create and manage your account
- To store and deliver your uploaded files
- To send transactional emails (e.g., password resets, account notices)
- To detect and prevent fraud, abuse, or illegal activity
- To improve our platform performance and reliability
- To comply with legal obligations
3 Storage & Security
Your data is stored on secure servers. We implement industry-standard measures to protect against unauthorized access, including:
- Password hashing using bcrypt
- HTTPS encryption for all data in transit
- File access controlled by unique retrieval codes
- Regular security reviews and access controls
4 Data Sharing & Third Parties
We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:
- Service providers — trusted vendors who help operate our infrastructure (e.g., hosting), bound by confidentiality agreements
- Legal compliance — if required by law, court order, or to protect the rights and safety of our users
- Business transfer — in the event of a merger or acquisition, you will be notified before your data transfers
- Google OAuth — when you sign in with Google, data is shared per Google's privacy policy
5 Cookies & Tracking
We use a minimal set of cookies to operate our service:
- Session cookies — to keep you logged in
- Security cookies — to protect against CSRF attacks
- Preference cookies — to remember your settings (e.g., dark mode)
We do not use third-party advertising cookies or tracking pixels. You may disable cookies in your browser, but some features may not function correctly.
6 Data Retention
We retain your data for as long as your account is active or as needed to provide our service:
- Free plan files are deleted automatically after 7 days
- Account data is retained while your account is active
- After account deletion, your data is permanently removed within 30 days
- Some anonymized usage logs may be retained longer for security purposes
7 Your Rights
You have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Correction — update or correct inaccurate data
- Deletion — request deletion of your account and all associated data
- Portability — receive your data in a machine-readable format
- Objection — object to certain types of processing
To exercise any of these rights, email us at privacy@nonafile.com. We will respond within 30 days.
8 Children's Privacy
NonaFile is not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@nonafile.com and we will delete it promptly.
9 Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or through a prominent notice on our platform at least 14 days before changes take effect.
We encourage you to review this policy periodically. Your continued use of NonaFile after changes constitutes acceptance of the updated policy.
10 Contact Us
If you have any questions, concerns, or requests related to this Privacy Policy, please contact us:
- Privacy requests: privacy@nonafile.com
- General support: support@nonafile.com