Privacy Policy

Last updated: August 20, 2025

Effective date: August 20, 2025

Introduction

FileSeal (“we,” “our,” or “us”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you use our secure document sharing platform.

FileSeal provides enterprise-grade secure document sharing services for UK professionals including solicitors, mortgage brokers, accountants, and consultants. Our platform enables secure document collection from clients with zero-trust encryption and automatic deletion features.

Data Controller

Sohus Ltd

Company Number: 09369062
Registered Address: 365 Camden Road, London, N7 0SH
Email: privacy@fileseal.co.uk

For all data protection queries, please contact us at: privacy@fileseal.co.uk

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process personal data on the following legal bases:

Article 6(1)(b) - Contract Performance

  • Processing necessary for the performance of our service contract with professional users
  • Providing secure document sharing platform access
  • Managing user accounts and service delivery

Article 6(1)(f) - Legitimate Interest

  • Ensuring platform security and preventing fraud
  • Improving our services and user experience
  • Direct marketing to existing customers (with opt-out option)
  • Compliance with legal obligations and regulatory requirements

Article 6(1)(a) - Consent

  • Marketing communications to prospects
  • Non-essential cookies and analytics
  • Optional features requiring explicit consent

Personal Data We Collect

Professional User Data

  • Account Information: Name, email address, company name, phone number
  • Authentication Data: Encrypted passwords, authentication tokens (via Auth0)
  • Usage Data: Request creation, download activities, login timestamps
  • Technical Data: IP addresses (anonymized), browser type, device information
  • Analytics Data: Page views, session duration, user interactions (anonymized)
  • Conversion Data: Sign-up and subscription events for advertising effectiveness measurement

Client Data (Document Uploaders)

  • Optional Information: Name and email address (when provided by professional)
  • Technical Data: IP addresses, upload timestamps, browser information
  • Document Metadata: File names, sizes, upload dates (encrypted)

Document Data

  • Encrypted Documents: All files are encrypted client-side before transmission
  • File Metadata: Original filenames, file types, sizes (encrypted)
  • Access Logs: Download attempts, timestamps, success/failure status

Important: FileSeal uses zero-trust architecture. We never have access to the actual content of your documents as they are encrypted on your device before transmission.

How We Use Your Personal Data

Service Provision

  • Creating and managing user accounts
  • Processing document upload requests
  • Facilitating secure file sharing
  • Sending service notifications and confirmations
  • Providing customer support

Security and Compliance

  • Detecting and preventing fraudulent activities
  • Monitoring for security threats and malware
  • Maintaining audit trails for compliance
  • Responding to legal requests and regulatory requirements

Service Improvement

  • Analyzing usage patterns to improve functionality
  • Conducting user research and feedback collection
  • Developing new features and services
  • Performance monitoring and optimization

Analytics and Marketing

  • Understanding website usage through Google Analytics (with consent)
  • Measuring advertising campaign effectiveness through conversion tracking
  • Optimizing user experience based on anonymized behavior data
  • Improving platform performance and identifying technical issues
  • No remarketing, retargeting, or invasive advertising practices

Data Sharing and Third Parties

We only share personal data with trusted third-party service providers necessary for our service operation:

Essential Service Providers

  • Auth0 (Authentication): User authentication and account management
  • Vercel (Hosting): Platform hosting and content delivery
  • Neon (Database): Secure data storage and management
  • Resend (Email): Transactional email delivery

Analytics and Advertising Providers (With Consent)

  • Google Analytics: Website analytics with IP anonymization and privacy controls
  • Google Ads: Conversion tracking for advertising effectiveness measurement only
  • Vercel Analytics: Privacy-first performance monitoring

All third-party providers are:

  • GDPR compliant with appropriate data processing agreements
  • Located within the UK/EU or have adequate data protection measures
  • Subject to strict contractual obligations regarding data protection
  • Regularly audited for security and compliance standards

We Do NOT Share Data With:

  • Advertising networks or data brokers
  • Social media platforms (beyond necessary authentication)
  • Marketing companies or lead generation services
  • Any third parties for commercial purposes

Data Retention and Deletion

Document Retention

  • Uploaded Documents: Automatically deleted after download or expiry (24-168 hours)
  • Document Metadata: Retained for audit purposes for 12 months, then anonymised
  • Request Records: Kept for compliance and billing purposes for 7 years

User Account Data

  • Active Accounts: Retained while account is active and for legitimate business purposes
  • Inactive Accounts: Deleted after 24 months of inactivity (with 30-day notice)
  • Deleted Accounts: All personal data removed within 30 days of deletion request

Audit and Compliance Data

  • Security Logs: Retained for 12 months for security monitoring
  • Compliance Records: Kept as required by relevant professional body regulations
  • Financial Records: Retained for 7 years as required by UK law

Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15)

Request a copy of the personal data we hold about you.

Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

Request deletion of your personal data in certain circumstances.

Right to Data Portability (Article 20)

Request your data in a structured, machine-readable format.

Right to Object (Article 21)

Object to processing of your personal data for direct marketing or legitimate interests.

Right to Restrict Processing (Article 18)

Request restriction of processing in certain circumstances.

Response Time: We will respond to all data protection requests within 30 days. For complex requests, we may extend this by up to 60 days and will explain why.

Data Security Measures

FileSeal implements comprehensive security measures to protect your personal data:

Technical Safeguards

  • Zero-Trust Architecture: Client-side encryption before any network transmission
  • AES-256-GCM Encryption: Enterprise-grade encryption for all data at rest and in transit
  • Advanced Threat Detection: Real-time malware scanning and file validation
  • Secure Infrastructure: UK/EU hosting with enterprise security standards

Operational Safeguards

  • Access Controls: Role-based access with multi-factor authentication
  • Regular Security Audits: Ongoing security assessments and penetration testing
  • Incident Response: 24/7 security monitoring and response procedures
  • Staff Training: Regular data protection and security training for all staff

Compliance Standards

  • GDPR compliance by design and default
  • Data Processing Impact Assessment completed to ensure high-risk processing is properly managed
  • ISO 27001 information security management (in progress)
  • SOC 2 Type II certification (planned)
  • Regular compliance audits and assessments

International Data Transfers

FileSeal is committed to keeping your data within the UK/EU. All our primary service providers are located within the UK or EU, ensuring your data remains within jurisdictions with adequate data protection laws.

Data Location

  • Primary Data Storage: United Kingdom and European Union
  • Backup Systems: EU-based data centers only
  • Processing Locations: UK and EU infrastructure

In the unlikely event that data needs to be transferred outside the UK/EU, we will ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions, and will notify affected users.

Cookies and Tracking

FileSeal uses cookies to enhance your experience and ensure platform security:

Essential Cookies (No Consent Required)

  • Authentication: Secure login and session management
  • Security: CSRF protection and security monitoring
  • Functionality: User preferences and platform operations

Optional Cookies (Consent Required)

  • Google Analytics: Website usage statistics with IP anonymization and privacy controls
  • Google Ads: Conversion tracking cookies for measuring advertising effectiveness
  • Vercel Analytics: Privacy-first performance monitoring and usage statistics
  • Performance: Platform optimization and error tracking

Privacy-First Analytics: Our Google Analytics implementation includes IP anonymization, disabled ad personalization signals, and no Google signals. Google Ads is used strictly for conversion measurement, not for remarketing or tracking.

You can manage your cookie preferences at any time through our cookie settings. Disabling non-essential cookies will not affect core platform functionality.

Privacy Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes by:

  • Email notification to registered users
  • Prominent notice on our website
  • In-app notifications for material changes

Continued use of FileSeal after changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

Contact Information

For questions about this Privacy Policy or our data practices, please contact us:

Data Protection Queries:

Email: privacy@fileseal.co.uk
Address: 365 Camden Road, London, N7 0SH

Regulatory Authority:
If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

ICO Website: https://ico.org.uk
ICO Helpline: 0303 123 1113