Privacy Policy
Last updated: March 27, 2026
1. Introduction
This Privacy Policy explains how Filesty (“we”, “our”, “us”) collects, uses, and protects information when you visit filesty.com. We are committed to protecting your privacy and being transparent about our data practices.
2. Our core privacy principle — files never leave your browser
Unlike traditional file conversion services, Filesty processes all files locally in your browser using JavaScript and WebAssembly. Your files are never uploaded to our servers. We have no technical ability to access, read, intercept, or store your files at any point.
This means:
- No file data is ever transmitted over the internet
- No file data is stored on any server
- Processing happens entirely on your device
- Your files remain under your sole control at all times
3. What data we collect
3.1 Server log data (Cloudflare)
When you visit Filesty, our infrastructure provider Cloudflare automatically collects standard HTTP request data, including:
| Data | Purpose | Retention |
|---|---|---|
| IP address (anonymized) | Security, DDoS protection | Up to 180 days |
| Browser type and version | Compatibility analysis | Up to 180 days |
| Operating system | Compatibility analysis | Up to 180 days |
| Referring URL | Traffic analysis | Up to 180 days |
| Pages visited and timestamps | Service improvement | Up to 180 days |
Legal basis: Art. 6(1)(f) GDPR — legitimate interests in maintaining the security and performance of the service.
3.2 Analytics (privacy-preserving)
We use privacy-preserving, cookieless website analytics. The analytics tool we use:
- Does not use cookies
- Does not track individual users across sessions or websites
- Does not store personal data or IP addresses
- Produces only aggregated, anonymized statistics (page views, country-level traffic)
- Complies with GDPR, CCPA, and PECR without requiring a consent banner
3.3 Contact communications
If you contact us by email, we process your email address, name (if provided), and message content solely to respond to your inquiry. This data is not used for any other purpose and is deleted once the inquiry is resolved.
Legal basis: Art. 6(1)(b) GDPR — performance of a contract or pre-contractual steps.
4. Cookies
Filesty uses only technically necessary cookies. We do not use advertising, tracking, or profiling cookies.
| Cookie | Set by | Purpose | Duration |
|---|---|---|---|
| cf_clearance | Cloudflare | Security/bot protection | Session |
| __cf_bm | Cloudflare | Bot management | 30 minutes |
Because we use only strictly necessary cookies, no cookie consent banner is required under the EU ePrivacy Directive (Art. 5(3)).
5. Third-party services and sub-processors
| Service | Provider | Purpose | Privacy Policy |
|---|---|---|---|
| CDN & DDoS protection | Cloudflare, Inc. | Infrastructure | cloudflare.com/privacypolicy |
| JavaScript libraries (Bootstrap, pdf-lib) | jsDelivr / GitHub | CDN delivery of open-source libraries | jsdelivr.com/privacy |
Cloudflare acts as a data processor under a Data Processing Agreement (DPA). All data is processed in accordance with GDPR requirements.
6. International data transfers
Our infrastructure is provided by Cloudflare, which operates globally. Data transfers outside the EEA are covered by Standard Contractual Clauses (SCCs) and Cloudflare’s Data Privacy Framework certification.
7. Your rights under GDPR
As a data subject, you have the following rights:
- Right of access (Art. 15) — request a copy of data we hold about you
- Right to rectification (Art. 16) — correct inaccurate data
- Right to erasure (Art. 17) — request deletion of your data
- Right to restriction (Art. 18) — limit processing of your data
- Right to data portability (Art. 20) — receive your data in a portable format
- Right to object (Art. 21) — object to processing based on legitimate interests
To exercise any of these rights, contact us at the privacy email address shown at the top of this page. We will respond within 30 days.
8. Right to lodge a complaint
You have the right to lodge a complaint with your national data protection supervisory authority at any time:
- Poland: Urząd Ochrony Danych Osobowych (UODO) — uodo.gov.pl
- EU: Your national Data Protection Authority — edpb.europa.eu/about-edpb/about-edpb/members
9. Data security
We implement appropriate technical and organisational measures to protect data against unauthorized access, alteration, disclosure, or destruction, including:
- TLS/HTTPS encryption for all traffic
- Cloudflare’s enterprise-grade security infrastructure
- No server-side storage of user files
10. Children’s privacy
Filesty is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically.
Continued use of Filesty after changes take effect constitutes acceptance of the updated policy.