Privacy Policy
Last Updated: 2/19/2026
1. Introduction
This Privacy Policy describes how OpenSSD ("we", "us", "our") handles information in connection with our file sharing service. BY USING THIS SERVICE, YOU CONSENT TO THIS POLICY.
2. Information We Collect
2.1 Account Information
When you create an account, we may collect:
- Username
- Email address (if provided via OAuth)
- Name (if provided via OAuth)
- OAuth provider ID (if applicable)
2.2 File Metadata
When you upload files, we collect:
- File name
- File size
- File type
- Upload date and time
- Expiration settings (TTL)
- File hash (MD5)
2.3 Usage Data
We automatically collect:
- IP addresses
- Browser type and version
- Operating system
- Access times and dates
- API usage patterns
- Download statistics
2.4 Security Logs
For security purposes, we log:
- Login attempts and failures
- File upload/download events
- Security violations
- Blocked IP addresses
- Malware scan results
3. How We Use Information
We use collected information to:
- Provide and operate the service
- Authenticate users
- Enforce rate limits and quotas
- Detect and prevent abuse, fraud, and malicious activity
- Scan files for malware and security threats
- Generate anonymous usage statistics
- Comply with legal obligations
- Respond to DMCA and legal requests
4. Data Storage and Security
4.1 File Storage
Uploaded files are stored on our servers. Files are automatically deleted based on:
- Time-to-live (TTL) expiration
- One-shot download settings
- Account deletion
- Policy violations
4.2 Security Measures
We implement security measures including:
- HTTPS/TLS encryption for data in transit
- Session-based authentication with XSRF protection
- Rate limiting and IP blocking
- YARA malware scanning
- Polyglot and steganography detection
- Magic byte validation
HOWEVER, NO SYSTEM IS 100% SECURE. We cannot guarantee absolute security. Use passwords and encryption for sensitive files.
5. Data Sharing
5.1 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to third parties.
5.2 When We Share Data
We may share information in the following situations:
- Legal Compliance: When required by law, subpoena, court order, or legal process
- DMCA Requests: Copyright holder information in response to valid DMCA notices
- Security: To prevent fraud, abuse, or protect rights and safety
- Service Providers: Local authentication
5.3 Public Information
Files you share via public links are accessible to anyone with the link. This is the core functionality of the service. DO NOT UPLOAD PRIVATE DATA WITHOUT ENCRYPTION AND PASSWORDS.
6. Cookies and Tracking
6.1 Essential Cookies
We use cookies necessary for service operation:
- plik-session / openssd-session: Session authentication (HttpOnly, Secure)
- plik-xsrf: XSRF token for security
6.2 No Analytics or Advertising
We do not use third-party analytics, advertising, or tracking cookies.
7. Third-Party Services
7.1 Authentication
Authentication is handled locally. We store only the minimum necessary credentials (username and hashed password).
7.2 Third-Party Links
User-uploaded content may contain links to external sites. We are not responsible for third-party privacy practices.
8. Data Retention
We retain data as follows:
- Files: Until TTL expiration, deletion by user, or account termination
- Account Data: Until account deletion
- Security Logs: Up to 90 days
- Audit Logs: Up to 1 year
We reserve the right to delete any data at any time for operational reasons.
9. Your Rights
9.1 Access and Control
You can:
- View your uploaded files
- Delete your files
- Delete your account
- Revoke API tokens
9.2 Data Portability
You can download your files at any time before expiration.
9.3 Account Deletion
Deleting your account will permanently delete all your files and data. This action is irreversible and immediate. No backups are retained.
10. Children's Privacy
This service is not intended for children under 13. We do not knowingly collect information from children under 13. If we discover such data, we will delete it immediately.
11. International Users
This service may be hosted anywhere. By using it, you consent to the transfer and processing of your data in any jurisdiction where we operate.
We make no representations regarding compliance with GDPR, CCPA, or other regional laws.Use at your own risk.
12. Do Not Track
We do not respond to Do Not Track (DNT) signals as we do not track users for advertising or third-party purposes.
13. Changes to This Policy
We may update this policy at any time without notice. The "Last Updated" date will reflect changes. Continued use after changes constitutes acceptance.
14. Data Breaches
In the event of a data breach, we will make reasonable efforts to notify affected users. However, WE MAKE NO GUARANTEES REGARDING BREACH NOTIFICATION.
15. No Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE ARE NOT LIABLE FOR:
- Privacy breaches or unauthorized access
- Data loss or corruption
- Misuse of your data by third parties
- Consequences of sharing public links
- Security vulnerabilities
Contact
For privacy questions or requests, contact us through the service interface.
🔒 BEST PRACTICE: Always use passwords and client-side encryption for sensitive files. Do not upload personal, confidential, or regulated data without proper protection.