Privacy Policy
1. Who we are
filedup ("we", "us", "our") is a document organization tool currently in pre-launch. We are based in Singapore. For privacy questions or to exercise the rights described below, email [email protected].
For the purposes of Singapore's Personal Data Protection Act and equivalent laws in other jurisdictions, filedup acts as the data controller (or "organization" under PDPA terminology) for personal data we collect under our Free, Plus, Pro, Family, and Business tiers. Our designated Data Protection Officer (DPO) is the founder of filedup, reachable at [email protected].
Scope. This Privacy Policy applies to our consumer and Business tiers, and to the public website and waitlist. Enterprise self-hosted deployments are governed by a separate Master Software License Agreement (MSLA); see Section 13 below.
2. What we collect
Right now (pre-launch waitlist)
- Email address — when you sign up for the waitlist.
- Basic server logs (IP address, user agent, timestamp) retained for up to 30 days for security and abuse prevention.
When the iOS product launches
- Account info: email, name, device identifier.
- Vault metadata: vault names, document counts, last-modified timestamps. Document content stays on your iPhone — only this metadata is synced.
- Subscription status: tier, billing cycle. Payment data is handled directly by Apple (App Store / In-App Purchase) or Stripe (web billing) — we never see card numbers.
- Usage metrics: aggregate only (count of vaults created, app sessions). Never document content.
If you use the share-link feature
- The documents you choose to share are encrypted on your device with a key derived from a password you set.
- The encrypted bundle passes through our relay so the recipient can fetch it. We cannot decrypt it. We do not retain it after the link expires (default: 7 days).
- Recipient access logs (timestamp, IP) retained for 14 days for abuse prevention, then deleted.
What we never collect
- Your document content. Documents are processed on your iPhone using Apple Intelligence, or in your browser for the web demo. They are not transmitted to our servers in plaintext at any point.
- Extracted fields (vendor, date, amount, etc.) — these stay on your iPhone.
- Data used to train any AI model. We do not train AI on user data.
- Biometric data, government-issued ID numbers, or health records (these are prohibited from upload — see Terms of Service §4).
3. How we use your data
- Email: launch notifications, account management, security alerts, billing receipts. Marketing email only with separate opt-in.
- Logs: security monitoring, abuse prevention, troubleshooting. Not for advertising or profiling.
- Vault metadata: to let you see your vault list and sync structure across your Apple devices.
- Aggregate usage metrics: to understand which features are used so we can improve them.
We do not sell your data. We do not share it with advertisers. We do not engage in cross-context behavioral advertising.
4. Automated decision-making and AI
filedup uses on-device AI (Apple Intelligence on iPhone, or a local OCR pipeline in the web demo) to extract document fields such as vendor, date, and amount. This processing happens entirely on your device.
- You remain in control. Every AI-extracted field is reviewable and editable by you before it is saved.
- No automated decisions with legal or significant effect are made about you. filedup classifies documents; it does not decide on credit, employment, insurance, or similar.
- You may disable AI extraction in Settings and use filedup purely as a manual filing tool.
5. Third parties (sub-processors)
We use the following service providers, each under data protection agreements that bind them to comparable standards. We will update this list before adding any new sub-processor that receives personal data.
- Apple — App Store distribution, In-App Purchase, push notifications, iCloud (your own iCloud, where you choose). No document content; subscription and device metadata only.
- Stripe — payment processing for web/B2B billing (PCI-DSS Level 1; they handle all card data; we never see card numbers).
- Supabase — account database (email, vault names, subscription status). Encrypted at rest. Hosted in Singapore region where available.
- Cloudflare — CDN, DDoS protection, share-link relay. Encrypted bundles only; we do not hold the decryption key.
- Postmark — transactional email (sign-up confirmation, password reset, billing receipts). Email address and message content only.
6. Cross-border data transfers
Some sub-processors operate outside Singapore (notably Stripe, Cloudflare, and Postmark, which have US infrastructure). Under PDPA Section 26 we ensure each overseas recipient is bound by enforceable contractual obligations to provide a standard of protection comparable to PDPA, through Standard Contractual Clauses or equivalent.
If you reside outside Singapore, your data may be processed in Singapore and in the jurisdictions of these sub-processors. By using filedup you consent to this transfer where required.
7. Your rights
Subject to local law, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Correction — request correction of inaccurate data.
- Deletion — request deletion of your data, subject to legal retention obligations.
- Portability — request your data in a machine-readable format (JSON).
- Withdraw consent — at any time, by unsubscribing or emailing us. Withdrawal does not affect prior lawful processing.
- Object to processing — for marketing purposes at any time; for other purposes where local law allows.
- Lodge a complaint with your local data protection authority (PDPC for Singapore, OAIC for Australia, OPC for Canada, or your state Attorney General in the US).
Email [email protected] with the subject line "Privacy Request." We will respond within 30 days. We may verify your identity before fulfilling a request.
Additional rights for California residents (CCPA / CPRA)
- Right to know what categories of personal information we collect, the sources, the business purposes, and the third parties we share with.
- Right to delete personal information we hold.
- Right to correct inaccurate personal information.
- Right to opt out of "sale" or "sharing" of personal information — note that we do not sell or share personal information for advertising or other commercial purposes.
- Right to limit use of sensitive personal information — we do not collect sensitive personal information as defined by CPRA.
- Right to non-discrimination for exercising these rights.
8. Retention
- Waitlist emails: until you unsubscribe, or 24 months after our last communication with you, whichever is sooner.
- Account data: until you delete your account. Purged from production within 30 days of deletion; from backups within 90 days.
- Server logs: up to 30 days.
- Share-link encrypted bundles: deleted within 24 hours of link expiry (default 7 days).
- Share-link recipient access logs: 14 days, then deleted.
- Billing records: 7 years (Singapore tax law requirement).
- Aggregated, anonymized analytics: may be retained indefinitely; cannot be re-identified.
9. Cookies and tracking
We use only essential cookies required for the site to function (session, security). We do not use third-party tracking cookies, advertising cookies, or analytics trackers. The iOS app does not use IDFA for advertising; we do not request App Tracking Transparency permission because we do not track.
10. Jurisdiction and geographic scope
filedup is not offered to, or targeted at, residents of the European Union, United Kingdom, Switzerland, Norway, Iceland, or Liechtenstein. Users from these regions should not sign up. If you believe you have signed up from one of these regions in error, please email [email protected] to be removed.
filedup is designed to comply with:
- Singapore Personal Data Protection Act 2012 (PDPA)
- California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA) and other applicable US state privacy laws (Virginia, Colorado, Connecticut, Utah, Texas, etc.)
- Australian Privacy Act 1988 and the Australian Privacy Principles
- Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
11. Children
filedup is not directed to or intended for children under 13 (or 16 in jurisdictions where that is the applicable age, including the COPPA-equivalent threshold). We do not knowingly collect personal information from children. If you are under these ages, please do not sign up. Parents or guardians who become aware that a child has provided us information may email [email protected] to have it removed promptly.
12. Security
We take reasonable administrative, technical, and physical measures to protect the data we hold:
- TLS 1.3 in transit; AES-256 at rest.
- Passwords hashed with bcrypt or equivalent; never stored or logged in plaintext.
- Share-link bundles encrypted client-side with a user-derived key; we cannot decrypt.
- Access to production systems is role-based, MFA-required, and logged.
- Regular dependency and infrastructure security review.
No system is perfectly secure. In the event of a breach affecting your personal data we will notify you without undue delay (and in any event within 72 hours of confirmation, where required by applicable law). For security disclosures, email [email protected] or see /.well-known/security.txt.
13. Enterprise (self-hosted) deployments
Our Enterprise tier ships as a software package that customers deploy on their own infrastructure (private cloud, on-prem, or sovereign cloud). In Enterprise deployments:
- The customer organization is the data controller for all personal data within the deployment. filedup is the software licensor only; we do not process customer data.
- Account metadata, audit logs, share-link relays, and database all run on the customer's own infrastructure. filedup does not have access to them.
- We do not receive telemetry from Enterprise deployments by default. Optional, anonymous diagnostic telemetry can be enabled by the customer's administrator.
- Each Enterprise deployment is governed by a Master Software License Agreement (MSLA) separate from these consumer terms. The MSLA addresses license scope, support obligations, warranty, source-availability where applicable, and customer-side data protection responsibilities.
- This Privacy Policy does not apply to data processed within an Enterprise deployment. The customer's own privacy notice and data protection arrangements govern that data.
Enterprise customers in the European Union, United Kingdom, Switzerland, or other regions excluded from our consumer offering may license filedup Enterprise for self-hosted use, because in that arrangement filedup is not processing the customer's personal data. The customer assumes full data protection responsibility within their jurisdiction. Contact [email protected] for the MSLA and a deployment guide.
14. Changes to this policy
We may update this policy. Material changes will be communicated to account holders by email at least 14 days before taking effect. The "Last updated" date above will reflect any change. Continued use after the effective date constitutes acceptance.
15. Contact
Privacy questions and rights requests: [email protected]
Security disclosures: [email protected]
General contact: [email protected]