Privacy Policy

2) Data Controller & Contacts

General support: [email protected]  •  Abuse: [email protected]

3) Data We Collect

• Account Data — email, username, password hash, verification status, plan tier, subscription dates, support tickets.
• Usage Data — timestamps, host usage statistics, error logs.
• Link Metadata — the host domain and technical parameters necessary to generate a direct link (we do not analyze content; generation is user-initiated).
• Payment Data — limited billing metadata from our payment processors (success/failure, amounts, identifiers). We do not store full card details.
• Crypto Payments — transaction hash, amount, currency/network, payment status, wallet address used (as returned by the processor).
• Cookies — session cookies and preferences; see Cookies.

4) How We Use Data & Legal Bases

• Provide the Service (account, link generation, downloads) — Contract.
• Security & fraud prevention (rate-limits, abuse detection, account protection) — Legitimate interests and Legal obligations.
• Payments & invoicing — Contract and Legal obligations.
• Analytics & product improvement — Legitimate interests (consent where required for cookies).
• Support & communications (transactional emails; optional marketing) — Legitimate interests / Consent for marketing; you may opt out anytime.
• Legal compliance — comply with lawful requests, tax/accounting rules — Legal obligations.

5) Cookies & Similar Technologies

We use cookies and similar technologies to keep you signed in, remember preferences, and understand how the Service is used. On your first visit we present a consent banner for non-essential cookies where required by law.

• Strictly necessary — session/authentication, security, load balancing.
• Preferences — UI settings, language.
• Performance/Analytics — aggregate metrics; disabled until you consent (where required).
• Marketing (optional) — only with your consent.

You can manage preferences any time via your browser settings.

6) Analytics & Metrics

We may use privacy-friendly analytics to measure aggregate usage (e.g., pages visited, approximate geography, device types). Where required, analytics run only after consent. IPs may be truncated or hashed where feasible.

7) Payments (Cards & Crypto)

Card payments are processed by third-party providers; we do not store full card numbers. For cryptocurrency, processing times depend on network confirmations. We may store transaction identifiers and payment status for accounting and fraud prevention.

Payment processors act as independent controllers or processors; see their privacy policies for details.

8) Security & Anti-Abuse

To protect our Service and users, we apply automated safeguards such as rate-limiting, concurrent session checks, and anomaly detection. We keep minimal technical logs (e.g., IP, user agent, timestamps, error codes) for security, troubleshooting, and capacity planning.

9) Sharing & Processors

We share personal data only as needed to operate the Service, comply with law, or with your consent. Typical recipients include:

• Hosting and infrastructure providers;
• Payment processors (cards/crypto);
• Email and customer-support tools;
• Analytics or anti-abuse vendors (where applicable and subject to consent/law).

A current list of subprocessors is available on request: [email protected].

10) International Transfers

Your data may be processed outside your country. Where required, we use lawful transfer mechanisms (e.g., Standard Contractual Clauses, adequacy decisions) and implement appropriate safeguards.

11) Data Retention

• Account data — for as long as your account is not deleted.
• Billing records — typically 5–10 years (local tax/accounting rules apply).
• Security/usage logs — typically 30–180 days unless needed for incident investigation.
• Support tickets — until resolved plus a reasonable period.

We delete or anonymize data when it is no longer needed for the purposes described above.

12) Your Rights (GDPR/CCPA)

GDPR (EEA/UK): you may request access, rectification, erasure, restriction, portability, and object to processing (including profiling/analytics where based on legitimate interests). You may withdraw consent at any time without affecting prior processing.

CCPA/CPRA (California): right to know/access, delete, correct, and opt-out of “sale”/“sharing” for cross-context behavioral advertising; no discrimination for exercising rights. We do not sell or share personal information in the CCPA sense.

You can also lodge a complaint with a supervisory authority (e.g., your local DPA). We will respond within the timelines required by law (typically 1 month GDPR/45 days CCPA).

13) How to Exercise Your Rights

Send your request to [email protected] or use in-product tools where available. We may need to verify your identity (e.g., email verification, requesting additional details). Authorized agents (CCPA) must provide proof of authorization.

• Opt out of marketing: use the unsubscribe link in emails or contact support.
• Cookie preferences: see your browser settings.

14) Do Not Track & Global Privacy Control

We honor applicable browser-level signals where required (e.g., Global Privacy Control for “sale”/“sharing”). Traditional “Do Not Track” signals are not standardized; we rely on consent/cookie preferences where required by law.

15) Children’s Privacy

The Service is intended for adults. We do not knowingly collect personal data from children under the age required by local law. If you believe a child has provided data, contact us and we will take appropriate steps to remove it.

16) Changes to this Policy

We may update this Privacy Policy to reflect legal or operational changes. Material updates will be posted here with a new “Last updated” date. If changes materially affect your rights, we may notify you by email or in-app.

17) Contact

Controller: NeoDebrid — UK

Data requests / DPO: [email protected]  •  Support: [email protected]

Abuse/DMCA: [email protected]