Privacy Policy
1. Data Controller
ZeFile, operated by Infobulle, registered in Togo. For any questions regarding your personal data, you can reach us at [email protected].
2. Information We Collect
We collect information you provide directly when creating an account (email address, phone number, name), using the Service (file metadata, transfer details, payment information), and interacting with our platform (usage data, device information, IP addresses). We use cookies and similar technologies to improve your experience.
3. Legal Basis for Processing
We process your data based on the following legal grounds under GDPR Article 6: - Contractual necessity (Art. 6(1)(b)): Account creation, file transfers, payment processing, and service delivery. - Legitimate interest (Art. 6(1)(f)): Security measures, fraud prevention, service improvement, and debugging. - Consent (Art. 6(1)(a)): Analytics cookies, marketing communications, and data processing for research purposes. You can withdraw consent at any time. - Legal obligation (Art. 6(1)(c)): Tax and financial record retention, compliance with lawful requests from authorities.
4. How We Use Your Information
We use your information to: - Provide and maintain the Service - Process file transfers and payments - Send transactional emails (OTP codes, transfer notifications, receipts) - Improve and personalize your experience - Detect and prevent fraud or security threats - Comply with legal obligations We do not sell your personal information to third parties.
5. File Storage and Retention
Files uploaded to ZeFile are stored on secure cloud infrastructure with encryption in transit. Files are retained until the transfer expires or is deleted by the sender. Expired transfers are automatically removed according to our retention schedule. Account data is retained as long as your account is active and for a reasonable period thereafter for legal and business purposes.
6. Data Retention Periods
We retain your data only as long as necessary: - Uploaded files: Until transfer expiry (default 14 days, maximum 90 days) or manual deletion by the sender. - Account data: For the lifetime of your active account, plus a 7-day grace period after deletion request. - Transaction records: 5 years after the transaction (applicable tax and commercial law). - Activity logs: 12 months. - Analytics data: Per our analytics provider's retention settings, with consent only. - OTP codes: Automatically deleted after verification or expiry (10 minutes). After the retention period, data is permanently and irreversibly deleted.
7. Sub-Processors and Service Providers
ZeFile uses carefully selected third-party service providers to operate. We only share the minimum data necessary. - Cloud file storage (EU): Secure file storage and retrieval. - Database hosting (EU): User accounts and transfer metadata. - Email delivery / Brevo (France): Transactional emails (OTP, notifications). - Payment processing / Startbutton (West Africa): Payment collection and payouts. - Analytics / PostHog (EU/US): Usage analytics (with consent only). - Error monitoring / Sentry (US): Application error tracking. - CDN / Cloudflare (Global): Content delivery and DDoS protection. Each provider operates under a Data Processing Agreement (DPA) that ensures GDPR-compliant handling of your data.
8. International Data Transfers
ZeFile is operated by Infobulle, registered in Togo. We use service providers located in various regions, including the European Union and the United States. When your data is transferred internationally, we ensure protection through: - EU Standard Contractual Clauses (SCCs): Applied to transfers involving EU personal data to countries without an EU adequacy decision. - Adequacy decisions: Where the European Commission has determined the destination country provides adequate data protection. - Data minimization: We limit cross-border transfers to the minimum data necessary for the service to function. Your files are stored in EU-region data centers. Error monitoring and analytics data may be processed in the US under SCCs.
9. Cookies and Tracking
We use the following categories of cookies: Essential cookies (always active): Authentication tokens (access_token, refresh_token), CSRF protection, and locale preferences. These are strictly necessary for the Service to function. Analytics cookies (opt-in only): PostHog analytics, used to understand how users interact with ZeFile and improve the service. These are only activated with your explicit consent. You can manage your cookie preferences at any time using the "Cookie settings" link in the footer or through your account settings. The consent banner will reappear after 13 months or when we update our policies.
10. Your Rights
Under GDPR and applicable data protection laws, you have the right to: - Access your personal data - Correct inaccurate data - Request deletion of your data - Export your data in a portable format - Withdraw consent for data processing - Object to processing of your data You can exercise these rights through your account settings or by contacting us at [email protected].
11. Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority. For users in the European Union, you may contact the supervisory authority in your country of residence. A list of EU data protection authorities is available at edpb.europa.eu. You can also contact us directly at [email protected] and we will do our best to resolve your concern.
12. Data Security
We implement industry-standard security measures to protect your data, including encryption in transit (TLS/HTTPS), secure authentication, rate limiting, CSRF protection, and Content Security Policy headers. We regularly review and update our security practices.
13. Automated Decision-Making
ZeFile uses automated processes in limited cases: - Rate limiting: Automatic temporary restrictions when unusual activity is detected on your account or IP address. - Account blocking: Automated suspension for repeated violations of our Terms of Service. These measures are necessary for the security and proper functioning of the Service. You can contact us at [email protected] to contest any automated decision.
14. Children's Privacy
ZeFile is not intended for use by children under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided personal information, we will take steps to delete it.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification. We encourage you to review this policy periodically.
16. Contact Us
If you have questions about this Privacy Policy or your personal data, please contact us at [email protected].