Privacy Policy
Last Updated: December 10, 2024
1. Introduction
TempSend ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect information when you use our privacy-first file sharing service. By using TempSend, you agree to the collection and use of information in accordance with this policy.
Our Core Principle: We believe in privacy by design. All encryption happens in your browser, and we never have access to your files or encryption keys.
2. Information We Collect
TempSend collects minimal metadata only. We do not collect or store:
- File contents (all files are encrypted client-side before upload)
- Encryption keys (keys never leave your device)
- Personal identification information
- Browser information or device identifiers
- Usage analytics or tracking cookies
What we do collect:
- File Metadata: Filename, file size, MIME type, and expiry timestamp (stored in an encrypted database)
- Room Metadata: Room ID, creation timestamp, and expiry timestamp
- Encrypted Blobs: Files are stored as encrypted binary data (ciphertext only)
- Encryption IVs: Initialization vectors for AES-GCM encryption (required for decryption)
- Chat Messages: Encrypted chat messages (ciphertext only, keys never stored)
- Vote Data: Anonymous vote counts and voter fingerprints (hashed, not personally identifiable)
IP Address Processing:
IP addresses are temporarily processed for essential operational purposes:
- Rate Limiting: Preventing abuse and ensuring service availability for all users
- Security Monitoring: Detecting and preventing attacks, spam, and malicious activity
- Error Diagnostics: Troubleshooting server issues and connectivity problems
IP addresses may appear in server access logs and application logs, but are:
- ❌ Not stored in our database or linked to user accounts
- ❌ Not correlated with file contents, room IDs, or encryption keys
- ❌ Not used for tracking, analytics, advertising, or user profiling
- ❌ Not shared with third parties (except as required by law)
- ✅ Automatically rotated/deleted according to standard log retention policies
We treat IP addresses as technical metadata necessary for service operation and abuse prevention, not as personal tracking identifiers.
3. How Encryption Works
TempSend uses end-to-end encryption with the following security measures:
- AES-GCM Encryption: All files are encrypted using AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode) in your browser before upload
- Client-Side Key Generation: Encryption keys are generated randomly in your browser using the Web Crypto API
- Keys Never Leave Your Device: Encryption keys are only included in URL fragments (after the #), which are never sent to the server
- Unique IVs: Each file uses a unique initialization vector (IV) for encryption
- No Key Storage: We have no way to decrypt your files. If you lose the key, the files cannot be recovered
Technical Details:
- Encryption algorithm: AES-256-GCM
- Key derivation: PBKDF2 with 100,000 iterations (SHA-256)
- Key storage: URL fragment only (never transmitted to server)
- IV generation: Cryptographically secure random IV per file
Password Protection: Rooms can be password protected, which adds an additional layer of security. However, if you share the URL (which contains the encryption key), anyone with the URL can access the room even without the password. Password protection is useful for preventing unauthorized access if someone gains access to the URL, but it does not prevent access if the URL itself is shared.
Verification Limitations: While you can inspect the client-side JavaScript code to verify that encryption occurs in your browser, it is not possible to prove definitively from the outside that encryption keys are never received by the server without compromising server security. We designed TempSend with privacy by design principles, but full verification requires trusting the implementation.
4. Data Storage and Retention
Server Location: Our servers are located in the Netherlands (Eindhoven), providing strong privacy protections under Dutch and EU data protection laws.
Data Retention:
- Files and rooms automatically expire based on their expiry settings
- Expired content is permanently deleted from our servers
- No backups are kept of expired content
- Database records are deleted when content expires
- Encrypted file blobs are deleted from disk when content expires
Data Deletion: When you delete a file or room, or when content expires, it is immediately and permanently removed from our servers. We cannot recover deleted or expired content.
5. No Tracking or Analytics
TempSend does not use:
- Analytics services (Google Analytics, etc.)
- Tracking cookies or pixels
- Third-party advertising networks
- User behavior tracking
- IP address logging
- Browser fingerprinting
We do not track your usage, collect analytics, or share data with third parties.
6. Chat and Communication
TempSend includes encrypted chat functionality within rooms:
- All chat messages are encrypted client-side using AES-GCM before transmission
- Chat messages are stored in memory on the server (not persisted to disk)
- Messages are automatically deleted when the room expires
- Usernames are randomly generated (diceware + number) and not linked to personal information
- We do not log or monitor chat content
7. Abuse Reporting
TempSend includes an abuse reporting system:
- Reports are stored with minimal metadata (target type, target ID, reporter hash)
- Reporter identification uses a hashed fingerprint (not personally identifiable)
- Content is automatically deleted after a threshold of unique reports
- We do not log the content of reported files or messages
8. Your Rights
Under applicable data protection laws (including GDPR for EU users), you have:
- Right to Access (Article 15): Request information about minimal metadata we store
- Right to Rectification (Article 16): Correct any inaccurate metadata
- Right to Erasure (Article 17): Delete your files/rooms anytime (permanent removal)
- Right to Restrict Processing (Article 18): Request limitations on data use
- Right to Data Portability (Article 20): Limited applicability due to encryption
- Right to Object (Article 21): Stop processing of your data (by deleting content)
- Right to Lodge a Complaint (Article 77): File complaints with your data protection authority
To exercise these rights, contact us at policy@tempsend.org.
EU Data Controller: TempSend operates as both data controller and processor for the minimal metadata required to provide our service.
9. Third-Party Services
TempSend does not use third-party services that collect user data. We do not integrate with:
- Analytics platforms
- Advertising networks
- Social media platforms
- Content delivery networks (CDNs) that track users
- Third-party authentication services
10. Security Measures
We implement the following security measures:
- All file transfers use HTTPS/TLS encryption
- Client-side encryption before upload (AES-256-GCM)
- Secure random number generation for keys and IVs
- No plaintext storage of files or keys
- Automatic expiry and deletion of content
- Swiss server location with strong data protection laws
11. Children's Privacy (COPPA Compliance)
TempSend is not directed to children under 13 years of age. We do not knowingly collect information from children under 13.
If you are a parent/guardian: If you believe your child under 13 has used TempSend, contact us immediately at policy@tempsend.org and we will delete any associated data. However, due to our zero-knowledge architecture, we cannot identify individual users without specific room/file identifiers.
Age Requirement: By using TempSend, you confirm you are at least 13 years old (or the minimum age required in your jurisdiction).
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.
13. Contact Us
If you have any questions about this Privacy Policy, please contact us:
- Email: policy@tempsend.org (for legal/privacy inquiries)
- Website: TempSend
14. Data Retention Schedule
Automatic Deletion Schedule:
- Files: ALL files are stored as encrypted blobs (end-to-end encrypted) and expire based on user-selected time (5 minutes to 12 hours)
- Rooms: Automatically deleted when expiry time is reached (maximum 12 hours)
- Reported Content: Immediately deleted after 3 unique reports for files, or 5 unique reports for rooms
- Chat Messages: Deleted when room expires
- Server Logs: No server logs are retained (logging disabled)
- Database Records: Deleted when content expires, no backups kept
Important: Once content expires or is deleted, it cannot be recovered. We do not maintain backups of expired content.
15. Legal Basis (GDPR)
For users in the European Economic Area (EEA), our legal basis for processing minimal metadata is:
- Legitimate Interest: Providing the file sharing service requires minimal metadata storage
- Consent: By using TempSend, you consent to the collection of minimal metadata necessary for the service
- Contractual Necessity: Metadata is necessary to fulfill the service contract