privacy & terms.

Filey ("Filey", "we", "us") is a file-transfer service operated from the European Union and reachable at filey.cloud. For data-protection purposes Filey is the data controller for the personal data described below.

Questions, requests, or complaints: [email protected].

• You can send files without an account. Email verification just lets us notify you.
• Your files are encrypted in transit (TLS) and at rest (AES-256), hosted in the EU.
• We don't scan, read, sell, or train on your files. We move them.
• Free transfers auto-delete after 14 days. Then they're gone.
• We collect the minimum we need to run the service, bill it, and keep it abuse-free.
• You can ask to see, export, or delete your data at any time.

The rest of this page is the precise version of those promises.

We collect only what the service needs:

• Account data — your email address, and (optionally) display name and avatar, if you create an account.
• Transfer data — the files you upload, their names, sizes and types, any message you add, the sender and recipient email addresses you provide, expiry, and download counts.
• Verification data — for account-free sends, a short-lived hash of the 6-digit code we email you to confirm the address is yours.
• Payment data — if you subscribe to Plus, your subscription status and a Stripe customer reference. Card numbers are handled by Stripe; we never see or store them.
• Security & technical data — your IP address and request metadata, used for rate-limiting, abuse prevention, and security logging.
• Authentication data — session cookies, and (if you enable it) your 2FA time-based one-time-password (TOTP) factor.
• Newsletter — your email address, only if you choose to subscribe.

See our Cookie Policy for the cookies and similar technologies we use.

• To store and deliver your transfers and notify recipients you nominate.
• To tell you when a recipient downloads your file.
• To create and secure your account, including optional two-factor authentication.
• To take payment and manage your Plus subscription.
• To prevent fraud, spam, and abuse, and to keep the service reliable and secure.
• To respond to your requests and, if you opt in, to send our newsletter.
• To produce aggregate, non-identifying usage statistics about the service.

We do not sell your personal data, and we do not use your files to train machine-learning models.

Under the GDPR we rely on the following legal bases:

• Contract (Art. 6(1)(b)) — to provide the transfer service and your account.
• Legitimate interests (Art. 6(1)(f)) — security, abuse prevention, and aggregate analytics, balanced against your rights.
• Consent (Art. 6(1)(a)) — non-essential cookies, advertising on the free plan, and the newsletter. You can withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)) — where we must retain or disclose data to comply with the law.

We use a small set of vetted processors to run Filey. They act on our instructions and are bound by data-processing agreements:

• Supabase — database and authentication (EU region).
• Cloudflare R2 — encrypted object storage for file bytes (EU region).
• Stripe — payment processing for Plus subscriptions.
• Resend — transactional and notification email delivery.
• Dedicated EU servers — the Filey application runs on dedicated servers located in the European Union.
• Google AdSense — advertising on free-plan pages only (see the Cookie Policy).

We may also disclose data where required by law, to enforce our terms, or to protect the rights and safety of users and the public. Where a processor handles data outside the EEA, transfers are protected by Standard Contractual Clauses or an equivalent safeguard.

• Free transfers — files and their metadata are deleted automatically 14 days after sending.
• Plus transfers — kept until you delete them or close your account.
• Account data — kept while your account is open; deleted (or anonymised) after you close it, subject to any legal retention we're required to keep.
• Verification codes — expire within minutes and are then unusable.
• Security logs — kept for a limited period for abuse prevention.

If you're in the EU/EEA you have the right to access, rectify, erase, restrict, and port your personal data, to object to processing based on legitimate interests, and to withdraw consent at any time. To exercise any of these, email [email protected].

You also have the right to lodge a complaint with a supervisory authority. In Greece this is the Hellenic Data Protection Authority (HDPA), dpa.gr. You may also contact the authority in your own EU member state.

We encrypt your files in transit with TLS and at rest with AES-256, store them in private EU-hosted buckets, gate downloads behind unguessable links, and offer optional two-factor authentication. For the full picture see our Security page. No system is perfectly secure, so please use a strong, unique password.

Filey is not intended for anyone under 16. We don't knowingly collect data from children. If you believe a child has used Filey, contact us and we'll delete the account.

By using Filey you agree to these terms. If you don't agree, please don't use the service. These terms form a binding agreement between you and Filey. If you're using Filey on behalf of an organisation, you confirm you're authorised to accept on its behalf.

You agree not to use Filey to store, send, or link to anything that:

• is illegal, or infringes someone else's intellectual-property or privacy rights;
• contains malware, or is intended to harm, deceive, or defraud;
• is sexual content involving minors, or otherwise abusive or unlawful material;
• harasses, threatens, or violates the rights of others;
• attempts to break, overload, probe, or circumvent the service, its rate limits, or its security.

You're responsible for the content you upload and for having the rights to share it. We may remove content and suspend access for violations.

You keep all ownership of the files you send. You grant us a limited licence to store, process, and transmit your files solely to provide the service to you and your recipients — nothing more. We don't claim any rights in your content beyond what's needed to run Filey.

• Free — transfers up to 10 GB, 14-day expiry, ad-supported.
• Plus — €3/month (or 20% off billed yearly): larger transfers, links that don't expire, passwords, full history, and no ads.

Plus is billed in advance through Stripe and renews automatically until cancelled. You can cancel anytime from your settings; access continues until the end of the paid period. Except where required by law, payments are non-refundable. We'll give reasonable notice of any price change.

We work hard to keep Filey running, but we provide it on an "as is" and "as available" basis. We may add, change, or remove features, and we may set or adjust limits, at any time. We may perform maintenance that briefly interrupts the service.

To the fullest extent permitted by law, Filey is provided without warranties of any kind. We are not liable for indirect, incidental, or consequential damages, or for loss of data, profits, or goodwill. Our total liability for any claim is limited to the greater of the amount you paid us in the 12 months before the claim, or €50.

Keep your own backups. Filey is a transfer tool, not a backup service — free transfers are deleted after 14 days.

Nothing here limits liability that cannot lawfully be limited.

You can stop using Filey and delete your account at any time. We may suspend or terminate access if you breach these terms, if required by law, or to protect the service and its users. On termination, your right to use Filey ends and we may delete your content.

These terms are governed by the laws of Greece and the European Union. The courts of Greece have jurisdiction, except where mandatory consumer-protection law gives you the right to bring a claim in your own country of residence.

We may update this document as Filey evolves or the law changes. We'll update the "last updated" date above and, for material changes, give notice in the app or by email. Continuing to use Filey after a change means you accept the updated version.

Privacy requests, legal questions, or anything else: [email protected].