Privacy Policy

Data controller: FileKit
Contact: info@filekit.eu

FileKit generally acts as a controller for account data, billing data, support communications, service analytics, fraud-prevention logs, and other data needed to operate the platform.

For user-provided content, including uploaded files, converted files, generated outputs, QR payload data, and destination URLs, FileKit may process such content primarily to provide the service requested by the user. Depending on the context, this may be operationally similar to processor-style handling of user content, while FileKit remains controller for the surrounding account, security, payment, and platform administration functions.

Where analytics features are enabled, we may process usage and scan-related event data to measure performance, improve reliability, prevent abuse, and provide analytics functionality.

Depending on the feature used, this may include event timestamp, destination request data, approximate technical metadata, browser or device category, and other service usage information. If IP-related data is processed for analytics, security, or fraud prevention, we treat it as personal data where required by applicable law.

We do not describe exact analytics fields here as fixed in all cases because they may vary by feature, deployment, abuse-prevention need, or processor configuration.

• Contract performance: registration, login, QR creation, file conversion, storage necessary for delivery, and other core service functions.
• Consent: non-essential cookies, consent-based analytics, and any optional marketing features where offered.
• Legal obligation: invoicing, accounting, tax, compliance, and lawful response obligations.
• Legitimate interests: service security, fraud prevention, abuse detection, troubleshooting, system monitoring, and service improvement.

We may use service providers that process data on our behalf, such as:

• Payment providers, such as Stripe, for billing and payment processing.
• Analytics providers, such as Google Analytics, for usage measurement.
• Hosting, storage, CDN, email delivery, and infrastructure providers needed to operate the service, deliver files and QR outputs, secure the platform, and maintain availability.

Processors may change over time as our infrastructure evolves.

Some processors or infrastructure providers may process data outside the European Economic Area. Where applicable, we rely on recognized transfer safeguards, such as the EU Standard Contractual Clauses, or other lawful transfer mechanisms.

Personal data linked to a FileKit user account is generally retained for as long as the user maintains that account.

If a user deletes their FileKit account, the personal data associated with that account will be deleted or irreversibly anonymized, except where continued retention is required by applicable law, necessary for billing or accounting compliance, needed for security or fraud prevention, or temporarily retained in secure backups until deletion cycles are completed.

• Account data: retained while the account remains active.
• Uploaded files, converted files, and generated outputs: retained while associated with the active account or as needed to provide the service.
• QR outputs and related records: retained while associated with the active account or as needed for service delivery and account access.
• Analytics and log data: retained for a limited period appropriate to analytics, reliability, and security purposes.
• Billing and invoice data: retained for the period required by applicable accounting and tax laws.
• Backups: deleted data may remain in secure backups for a limited rolling period until those backups expire or are overwritten.

Subject to applicable law, you may have the right to request access, rectification, deletion, restriction, portability, or objection to certain processing.

To exercise your rights, contact us at info@filekit.eu. We may ask for information necessary to verify your identity before acting on a request.

You may also have the right to lodge a complaint with your local supervisory authority.

We use reasonable technical and organizational measures designed to protect data from unauthorized access, misuse, alteration, disclosure, or loss.

• Transport encryption such as HTTPS/TLS.
• Restricted access controls and authentication measures.
• Password storage protections for account credentials.
• Operational logging and monitoring for reliability and abuse detection.
• Security-oriented deletion and lifecycle handling for service data where applicable.
• Incident response and remediation efforts appropriate to the size and nature of the service.

FileKit is not directed to children. Do not use the service if you are not legally permitted to do so under applicable law.

Users should not upload or submit special-category personal data, confidential information, or other highly sensitive material unless they are legally authorized to do so and such processing is necessary for their intended lawful use.

We use cookies and similar technologies for site functionality, security, and analytics. Non-essential cookies should only be used on the basis of consent where required.

• Strictly necessary cookies: core functionality, authentication support, and security-related operation.
• Analytics cookies: site usage measurement and product improvement, including tools such as Google Analytics where enabled.

We may update this notice from time to time. We will publish updates on this page and may provide additional notice for material changes. The most recent effective date will always appear at the top of this page.