Protecting privacy and personal data has never been more important
In this blog post we will briefly explain why it is hard for websites to keep your data safe and what kind data we do have and do not have, why and how we handle it.
We are facing a challenge that is bigger than most people know. Websites are hacked all the time. Stolen information is used by bad actors to commit fraud, extortion and identity theft.
Server software is always designed in a way that there is some record of what happened. If not actively configured differently, on every server there is some log somewhere that keeps a record of what IP addresses were connected when and what they were doing. It is just the default.
Therefor is not enough for a website to “simply not collect” data – they also have to actively disable unnecessary logging. Sadly almost no one knows or cares about that.
No data is secure
Even if a company stores data with military grade encryption, it only needs one careless employee with a virus on his computer or weak password and all is lost.
Also there are security holes discovered in software all the time. Being up to date is important.
We are determined to be one of the websites who care about privacy and set an example for others.
This is why we are decided to write this blog post that contains a full disclosure of what, why, where and how long we store data.
- All our servers have logging disabled.
We only have logs enabled for software errors and things like administrative programs. We need those to keep on eye on things and make sure no one is doing nasty stuff. But the regular user does not come in contact with those.
If someone only visits our website, there is no trace left on our servers.
- We do not ask for personal information. The only thing we want from you is an e-mail address so we can contact you and you can reset your password if you forget it. The less information we have the less information we can loose.
- Our service acts as a middlemen between you and the file-hosting sites, torrent network and usenet. Because of that the filehosting sites never see your IP address nor it will ever be visible in the torrent or usenet network. Your IP address is only visible to our servers, and we do not log it. So nobody can collect information about what you download or what you do. We also do not keep a record of which links you downloaded.
- The only thing we do know is what file-ids you store in your cloud space, but we completely delete that information once you remove it from your cloud space. There is no permanent trace between our user database and our file database.
- Passwords are stored using current best-practice methods. Technically it means we use a password based key derivation function. For the non technical folks that means: Even if someone hacks us and steals the user database, it is not possible to get the passwords out our user-database it and log in on other websites
- Payment records are deleted after 12 months. We also do not store any information like credit card numbers or other information that identifies you.
- We have a lot of “fake accounts” on our own site. We search the internet to see if they turn up somewhere, for example at the website haveibeenpwned.com. We also look if unwanted emails arrive on the email addresses of those accounts. So if we ever get compromised we will likely know, can inform our users and take all necessary steps to make sure our users are safe. So far we have been lucky.
- Your accounts usage statistics do not contain sensitive information. We only store how many megabytes you downloaded on which day and from which service. We do not store which links or files. We also delete that information after 30 days, as you can see in your account.
- All our servers are configured with the minimal software necessary. The less “stuff” is on a server, the less room for security holes is there. We also always install all security updates and take all industry best practice precautions.
- We believe that there is also tendency by governments, police and insurances to collect too much data without thinking about the consequences. They get hacked as well and you never know what the future brings. That’s why our company is located in a country that has good laws for privacy in place and requires minimal cooperation with institutions like insurances and police in other countries.
- The greatest threat comes from within. The data thefts occur because someone inside a company acts careless. That’s why in our company we strictly control who has access to our systems. We do not “hand out the keys to everyone just in case”. Our system administrators are only given access to certain system on an as-needed basis and we have strong control in place. Everyone who would be able to access sensitive data is also personally liable for it and trained in security and privacy.
We thank you for your trust and we will not let you down!
PS: We also have services in our portfolio that you can actively use to enhance your privacy online. Check out our VPN service!