Privacy Policy

Last updated: January 2, 2026

1. Introduction

Hirosend ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our file sharing service.

By using Hirosend, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Personal Information

When you register for an account, we collect:

  • Name
  • Email address
  • Account credentials (encrypted)

File Information

When you use our service, we collect:

  • File metadata (name, size, type)
  • Upload and download timestamps
  • Share settings and expiration dates

Technical Information

Important: We automatically collect and log:

  • IP addresses for all users and activities
  • Browser type and version
  • Operating system
  • Access times and dates
  • Pages viewed and actions taken
  • Referring website addresses

3. How We Use Your Information

We use the collected information for:

  • Providing and maintaining our Service
  • Processing and completing file transfers
  • Sending email notifications about shares
  • Detecting and preventing fraud or abuse
  • Enforcing our Terms of Service
  • Complying with legal obligations
  • Improving our Service and user experience

4. Security and Safety Measures

To maintain platform security and protect all users, we employ privacy-preserving security measures:

  • File Hash Verification: We generate cryptographic hashes (digital fingerprints) of uploaded files and check these against databases of known malicious content. This process does not involve opening or analyzing your actual file contents.
  • Metadata Analysis: We analyze file properties such as name, size, and type to identify potential security risks without accessing file contents.
  • Third-Party Security Services: File hashes may be checked against reputable threat intelligence databases. Only the hash—not your file—is shared with these services.
  • Automated Systems: Our security systems operate automatically and do not involve human review of your file contents unless required by law or when investigating specific security incidents.

Important: These security measures are designed to protect your privacy while maintaining platform safety. We do not scan, read, or analyze the actual contents of your encrypted files.

5. Security Logs and Monitoring

To ensure platform security and comply with legal requirements, we maintain security logs that include:

  • IP addresses for uploads, downloads, and access attempts
  • Timestamps and activity records
  • Geographic information (country-level)

Security logs are retained as required for legal compliance and security purposes.

6. File Encryption and Storage

We implement multiple layers of protection for your files:

  • Encryption at Rest: All files are encrypted using AES-256-CBC encryption with unique per-file keys
  • Encryption in Transit: TLS 1.3 protects your data during upload and download
  • Zero-Knowledge Option: For password-protected shares, we cannot decrypt your files without the password you set
  • Automatic Deletion: Files are permanently deleted after their expiration date
  • Limited Access: Our staff cannot access file contents unless required by law

7. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in these circumstances:

  • Legal Requirements: When required by law, subpoena, or court order
  • Protection of Rights: To protect our rights, property, or safety
  • Law Enforcement: To cooperate with law enforcement investigations
  • Business Transfers: In connection with a merger or acquisition
  • With Consent: When you give us explicit permission

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain user sessions
  • Remember user preferences
  • Analyze usage patterns
  • Improve security

You can control cookie settings through your browser, but disabling cookies may limit functionality.

9. Data Security

We implement industry-standard security measures including:

  • SSL/TLS encryption for data in transit
  • AES-256 encryption for files at rest
  • Regular security audits and updates
  • Access controls and authentication
  • Secure data centers

However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Data Retention

We retain your information for as long as necessary to provide our services:

  • Account Information: Until account deletion
  • Files: Until expiration date or manual deletion
  • Security Logs: As required for legal compliance and security purposes

11. Your Rights and Choices

You have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Delete your account and associated data
  • Export your data
  • Opt-out of promotional communications

To exercise these rights, please contact us at [email protected].

12. Data Breach Response

In the unlikely event of a data breach affecting your personal information:

  • We will notify affected users within 72 hours of discovery
  • Notifications will include the nature of the breach, potential impacts, and mitigation steps
  • We maintain incident response procedures aligned with GDPR and applicable breach notification laws

13. Business Customers

Business and Team accounts processing personal data on behalf of their organizations may request our Data Processing Agreement (DPA), which includes:

  • Standard Contractual Clauses for international transfers
  • Security and confidentiality commitments
  • Sub-processor list and notification procedures

Contact [email protected] to request our DPA.

14. Children's Privacy

Hirosend is not intended for users under 16 years of age. We do not knowingly collect information from anyone under 16. If we discover we have collected information from someone under 16, we will promptly delete it.

15. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using our Service, you consent to such transfers.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For material changes, we will provide additional notice via email.

17. Contact Information

For questions about this Privacy Policy or our privacy practices, please contact us at [email protected].