Privacy Policy

myfoldr (“we”, “us”) provides a hosted file storage service at myfoldr.com. For privacy questions, contact us at [email protected].

We collect three categories of data, and nothing else:

• Account data. Email address, name (optional), and a hashed password. We use this to authenticate you and contact you about your account.
• Files and metadata you upload. File contents, file names, folder structure, version history, and sharing settings. We store file contents on Cloudflare R2 in a region of your choice; metadata lives in our managed Postgres database.
• Operational logs. IP address, user agent, request paths, and timestamps for security, abuse prevention, and debugging. Logs are retained for up to 90 days unless we have a security or legal reason to keep them longer.

We do not sell your data, mine your files for ads, or use your file contents to train AI models.

• To run the service: store, retrieve, share, and version your files.
• To keep the service safe: detect abuse, scan for malware, prevent fraud.
• To support you: respond to email, troubleshoot bugs you report, and warn you about outages or security incidents.
• To meet legal obligations when we're required to.

We rely on a small number of vendors to deliver the service:

• Cloudflare — object storage (R2), DNS, DDoS protection.
• Railway — application hosting and managed Postgres.
• Vercel — web frontend hosting.
• Sentry — error tracking (if enabled).
• An email delivery provider — for transactional emails (sign-up confirmation, password reset, share notifications).

These vendors process data only on our instructions and are bound by data-processing agreements. We'll update this list when it changes.

Account metadata is stored in the European Union by default. File contents are stored on Cloudflare R2 in the region you select for your workspace. Operational logs may be processed in the US or EU.

• Account data and files: until you delete them or close your account.
• Soft-deleted files: kept for 30 days, then permanently erased.
• Operational logs: up to 90 days.
• Backups: rolling 30-day window, then overwritten.

Wherever you are, you can ask us to:

• Export every file and metadata record we hold for you (one click in Settings).
• Erase your account and everything in it (one click in Settings).
• Correct inaccurate account data.
• Object to or restrict specific processing.

If you're in the EU/UK, you have these rights under the GDPR/UK GDPR. If you think we're mishandling your data, you can also complain to your national data protection authority — but we'd appreciate the chance to fix it first.

We use a single first-party session cookie to keep you signed in. No third-party advertising cookies. No tracking pixels.

Files are encrypted at rest by our storage provider and in transit via TLS. Each workspace is isolated at the database and storage layer. We log every authenticated request and surface it in your audit log. If we discover a breach affecting your data, we'll notify you without undue delay and within the timeframes required by applicable law.

myfoldr is not intended for children under 16. If you believe a child has signed up, email us and we'll erase the account.

When we make material changes we'll email account holders and update the “last updated” date at the top. Continued use after the effective date means you accept the new policy.

Privacy questions, data requests, or anything else: [email protected].