OpenSSD

Privacy Policy

Last Updated: 2/19/2026

1. Introduction

This Privacy Policy describes how OpenSSD ("we", "us", "our") handles information in connection with our file sharing service. BY USING THIS SERVICE, YOU CONSENT TO THIS POLICY.

2. Information We Collect

2.1 Account Information

When you create an account, we may collect:

  • Username
  • Email address (if provided via OAuth)
  • Name (if provided via OAuth)
  • OAuth provider ID (if applicable)

2.2 File Metadata

When you upload files, we collect:

  • File name
  • File size
  • File type
  • Upload date and time
  • Expiration settings (TTL)
  • File hash (MD5)

2.3 Usage Data

We automatically collect:

  • IP addresses
  • Browser type and version
  • Operating system
  • Access times and dates
  • API usage patterns
  • Download statistics

2.4 Security Logs

For security purposes, we log:

  • Login attempts and failures
  • File upload/download events
  • Security violations
  • Blocked IP addresses
  • Malware scan results

3. How We Use Information

We use collected information to:

  • Provide and operate the service
  • Authenticate users
  • Enforce rate limits and quotas
  • Detect and prevent abuse, fraud, and malicious activity
  • Scan files for malware and security threats
  • Generate anonymous usage statistics
  • Comply with legal obligations
  • Respond to DMCA and legal requests

4. Data Storage and Security

4.1 File Storage

Uploaded files are stored on our servers. Files are automatically deleted based on:

  • Time-to-live (TTL) expiration
  • One-shot download settings
  • Account deletion
  • Policy violations

4.2 Security Measures

We implement security measures including:

  • HTTPS/TLS encryption for data in transit
  • Session-based authentication with XSRF protection
  • Rate limiting and IP blocking
  • YARA malware scanning
  • Polyglot and steganography detection
  • Magic byte validation

HOWEVER, NO SYSTEM IS 100% SECURE. We cannot guarantee absolute security. Use passwords and encryption for sensitive files.

5. Data Sharing

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties.

5.2 When We Share Data

We may share information in the following situations:

  • Legal Compliance: When required by law, subpoena, court order, or legal process
  • DMCA Requests: Copyright holder information in response to valid DMCA notices
  • Security: To prevent fraud, abuse, or protect rights and safety
  • Service Providers: Local authentication

5.3 Public Information

Files you share via public links are accessible to anyone with the link. This is the core functionality of the service. DO NOT UPLOAD PRIVATE DATA WITHOUT ENCRYPTION AND PASSWORDS.

6. Cookies and Tracking

6.1 Essential Cookies

We use cookies necessary for service operation:

  • plik-session / openssd-session: Session authentication (HttpOnly, Secure)
  • plik-xsrf: XSRF token for security

6.2 No Analytics or Advertising

We do not use third-party analytics, advertising, or tracking cookies.

7. Third-Party Services

7.1 Authentication

Authentication is handled locally. We store only the minimum necessary credentials (username and hashed password).

7.2 Third-Party Links

User-uploaded content may contain links to external sites. We are not responsible for third-party privacy practices.

8. Data Retention

We retain data as follows:

  • Files: Until TTL expiration, deletion by user, or account termination
  • Account Data: Until account deletion
  • Security Logs: Up to 90 days
  • Audit Logs: Up to 1 year

We reserve the right to delete any data at any time for operational reasons.

9. Your Rights

9.1 Access and Control

You can:

  • View your uploaded files
  • Delete your files
  • Delete your account
  • Revoke API tokens

9.2 Data Portability

You can download your files at any time before expiration.

9.3 Account Deletion

Deleting your account will permanently delete all your files and data. This action is irreversible and immediate. No backups are retained.

10. Children's Privacy

This service is not intended for children under 13. We do not knowingly collect information from children under 13. If we discover such data, we will delete it immediately.

11. International Users

This service may be hosted anywhere. By using it, you consent to the transfer and processing of your data in any jurisdiction where we operate.

We make no representations regarding compliance with GDPR, CCPA, or other regional laws.Use at your own risk.

12. Do Not Track

We do not respond to Do Not Track (DNT) signals as we do not track users for advertising or third-party purposes.

13. Changes to This Policy

We may update this policy at any time without notice. The "Last Updated" date will reflect changes. Continued use after changes constitutes acceptance.

14. Data Breaches

In the event of a data breach, we will make reasonable efforts to notify affected users. However, WE MAKE NO GUARANTEES REGARDING BREACH NOTIFICATION.

15. No Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE ARE NOT LIABLE FOR:

  • Privacy breaches or unauthorized access
  • Data loss or corruption
  • Misuse of your data by third parties
  • Consequences of sharing public links
  • Security vulnerabilities

Contact

For privacy questions or requests, contact us through the service interface.

🔒 BEST PRACTICE: Always use passwords and client-side encryption for sensitive files. Do not upload personal, confidential, or regulated data without proper protection.