We don't collect or store your files. We can't see what you're sharing. We keep minimal logs just to keep the service running. That's it. If you want the legal details, keep reading.
We don't collect these. Period. Your files go directly from your device to the recipient's device. They never touch our servers. We couldn't access them even if we wanted to - that's the whole point of peer-to-peer transfer.
To make the WebRTC connection work, we temporarily store: room codes, connection timestamps, number of files in the transfer, file names and sizes. This data is automatically deleted after 24 hours, or immediately after the transfer completes - whichever comes first.
Our server keeps basic logs for debugging and preventing abuse: IP addresses (hashed after 7 days), timestamps, room creation events, connection attempts. These logs are kept for 30 days maximum, then deleted.
We use minimal analytics to understand how people use ZapFile: page views (no tracking across sites), browser type and OS, general location (country level, from IP), transfer success/failure rates. We don't use Google Analytics or similar tracking services. Our analytics are self-hosted and don't track individuals.
That's it. We don't sell data, we don't share it with advertisers, we don't use it for marketing.
We use exactly one cookie: to remember your dark mode preference. That's it. It's stored locally in your browser and never sent to our servers. See our Cookie Policy for more details.
We don't share your data with anyone, with a few exceptions: legal requirements (court order, subpoena, etc.), and our hosting provider (access to server logs in the normal course of providing hosting services). We will never sell your data. Ever. That's not our business model.
All transfers are encrypted using WebRTC's built-in encryption (DTLS/SRTP). This is end-to-end encryption - even we can't decrypt it. Our servers use HTTPS and standard security practices. But honestly, the best security is that we don't store your files in the first place.
Access your data: Since we don't store personal data or accounts, there's not much to access. But if you want to know what server logs we have for a specific IP address, email us. Delete your data: Files are never stored. Server logs auto-delete after 30 days. If you want immediate deletion of logs related to a specific IP, email us. Opt out: Don't use the service. Seriously - we have no accounts, no tracking across sessions, nothing to opt out of beyond just not using ZapFile.
We don't collect personal information from anyone, including children. The service works the same regardless of age. That said, parents should supervise what their kids are sharing online, regardless of the service used.
ZapFile works worldwide. Your files transfer directly between devices, so location doesn't matter much. Our servers are located in [location]. If you're in the EU and have concerns about data transfers, note that we collect minimal data and it's automatically deleted quickly.
If we change how we handle data, we'll update this page and note the date at the top. Big changes? We'll put a notice on the homepage.
If something's unclear or you have privacy concerns, email us at hello@zapfile.ai. We're real people and we'll actually respond.