Privacy Notice

Last updated: 2026-04-23

filetemp.io is built around minimising the data we hold about you. This notice explains exactly what we keep, what we don't, and what we can and cannot give to authorities.

What the application stores

• The file you upload, on disk, until its expiration time elapses (1, 7, or 30 days from upload) or you delete it.
• Metadata about the file: original filename, MIME type, size, upload time, expiration time, download count, optional password (stored only as a salted PBKDF2-SHA256 hash, never in plaintext), and an opaque edit token.
• A random session identifier, stored in a first-party cookie named ft_sid. This cookie lets you see and manage the files you uploaded from this browser, without a login. It contains no personal data, no IP address, no email, and is not shared with anyone.
• Abuse reports. When somebody uses the report form we record the report text, the file ID it concerns, the reporter's IP address (so we can mitigate spam reports), and the optional contact email the reporter chose to provide.

What the application does not store

• We do not require accounts and we do not collect names, emails, phone numbers, or government identifiers from uploaders or downloaders.
• We do not record uploader or downloader IP addresses against files.
• We do not write application access logs.
• We do not run analytics, advertising, fingerprinting, or third-party tracking scripts.
• We do not sell, rent, or share data with third parties for marketing.

Operational note: the Service is served directly by the application (we do not run a reverse proxy in front of it) and the application does not write access logs. The underlying server's operating system and our hosting provider may, however, retain short-term network-level connection metadata (for example, firewall counters or NetFlow / connection tables) for the purpose of network operations, abuse mitigation, and security. Such network-level data is not part of the application database, is held outside the application, is kept only as long as operationally necessary, and is subject to the host's own retention policies.

Disclosure to authorities

We may preserve, disclose, or report file contents and associated metadata where we reasonably believe doing so is necessary to: comply with applicable law or valid legal process; enforce our Terms or AUP; respond to claims that content violates third-party rights; or protect the rights, property, or safety of any person.

For apparent child sexual abuse material (CSAM), we are required by law (in the US, 18 U.S.C. § 2258A; in other jurisdictions, equivalent statutes) to preserve the material and report it to the National Center for Missing & Exploited Children (NCMEC) CyberTipline and/or the relevant national hotline. What we can give the authorities is limited to what we actually hold: the file itself, its cryptographic hash, the upload/download timestamps, and the file's opaque session-cookie identifier (which identifies a browser, not a person). We cannot produce information we never collected — in particular, we do not record uploader IP addresses against files and cannot directly identify an uploader by name. Authorities may, with appropriate legal process directed to the hosting provider or to the uploader's internet service provider, attempt to correlate the upload timestamps with network-level connection data those parties may retain.

Retention

• Files and their metadata are deleted automatically upon expiration (1, 7, or 30 days), or sooner if you delete them via My Files, or if we remove them under our AUP.
• Apparent CSAM is preserved for the period required by 18 U.S.C. § 2258A (currently at least 90 days) for transmission to NCMEC and law enforcement, then deleted, unless a longer preservation period is required by valid legal process.
• Abuse reports are retained for as long as necessary to address the report and any follow-up, typically no longer than 12 months unless ongoing legal matters require otherwise.
• The session cookie expires from your browser two years after issue (or sooner if you clear cookies); it is not kept on the server beyond the file rows that reference it.

Your rights

Depending on your jurisdiction (e.g. GDPR, UK GDPR, CCPA), you may have rights of access, deletion, rectification, and objection regarding personal data we hold about you. To exercise these rights, submit a request through the Report Abuse form (any category) and include a contact email so we can reply. Because we hold so little personal data, in most cases the strongest remedy is simply to delete the relevant file via the My Files page.

Children

The Service is not directed at children under the age of 13 and we do not knowingly collect personal information from them. If you believe a child has used the Service, please contact us so that we can delete the relevant data.