Privacy Policy
Last updated: January 1, 2026
1. Introduction
R2 Upload (“we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our file upload service.
2. Information We Collect
Account Information
- Email address
- Name (optional)
- Password (hashed, never stored in plain text)
- Billing information (processed securely by Stripe)
Usage Data
- Files uploaded (metadata only; we don't scan file contents)
- API usage statistics
- IP addresses for security purposes
- Browser and device information
Files You Upload
When you upload files to our service, we store them securely on Cloudflare R2 or your connected storage (BYOB). We do not access, scan, or analyze the contents of your files except to:
- Detect file type for validation
- Generate thumbnails (for images, if enabled)
- Scan for malware (to protect our infrastructure)
3. How We Use Your Information
We use your information to:
- Provide and maintain our service
- Process your payments
- Send you important service updates
- Monitor usage for billing purposes
- Detect and prevent fraud or abuse
- Improve our service
4. Data Storage and Security
Your data is stored on secure servers provided by our infrastructure partners:
- Files: Cloudflare R2 (or your BYOB storage)
- Database: Neon (PostgreSQL)
- Application: Secure Docker containers
All data is encrypted in transit (TLS 1.3) and at rest. We use industry-standard security practices including regular security audits, penetration testing, and vulnerability scanning.
5. Data Retention
- Account data: Retained while your account is active, deleted within 30 days of account deletion
- Files: Retained until you delete them or your account is terminated
- Logs: Retained for 90 days for security purposes
- Billing records: Retained for 7 years for legal compliance
6. Third-Party Services
We use the following third-party services:
- Stripe: Payment processing
- Cloudflare: CDN, security, and R2 storage
- Sentry: Error tracking (anonymized)
- Plausible: Privacy-friendly analytics (no cookies)
7. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data (right to be forgotten)
- Export your data (data portability)
- Object to processing
- Withdraw consent
To exercise these rights, contact us at [email protected].
8. Cookies
We use cookies for:
- Essential cookies: Required for authentication and security
- Preference cookies: Remember your theme and settings
- Analytics cookies: Only with your consent (Plausible - privacy-friendly)
You can manage cookie preferences through our cookie consent banner or your browser settings.
9. Children's Privacy
Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately.
10. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses for transfers outside the EEA.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by email or through our service. Your continued use of the service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this privacy policy or our data practices, contact us at:
- Email: [email protected]
- Address: [Your Business Address]
For GDPR inquiries, you may also contact your local data protection authority.