Filemium GDPR Compliance Statement

At Filemium, safeguarding your data and privacy is our top priority, and we are dedicated to upholding the standards set forth in the General Data Protection Regulation (GDPR). GDPR establishes guidelines for data protection and privacy for EU citizens, and we extend these principles globally to ensure the utmost privacy and security for all our users.

Key Principles

Transparency: Transparency is fundamental to our operations. We are committed to keeping our users informed about how we collect, process, and store their data. Our Privacy Policy outlines our data practices in detail, providing clear and concise information about the types of data we collect, how we use it, and with whom we share it, if applicable.

Data Management: Our servers are located within the EU and adhere to GDPR regulations. Users have full control over their personal information and can manage their preferences within the Profile Settings section of our platform. We provide users with the tools they need to access, update, and delete their data, ensuring transparency and accountability in our data management practices.

Global Compliance: While GDPR primarily pertains to data from EU residents, we apply its principles universally to all users, regardless of their location. We believe that everyone deserves the same level of privacy and protection for their personal data, and we strive to uphold GDPR standards across all jurisdictions where we operate.

How Filemium Complies with GDPR

Encryption: Filemium employs a comprehensive encryption system to ensure the security of your data throughout its lifecycle. This includes encryption at rest and in transit using industry-standard protocols. By encrypting data both while it is stored on our servers and while it is being transmitted between our servers and your devices, we minimize the risk of unauthorized access and data breaches.

Data Processing Agreement: We have a Data Processing Agreement (DPA) in place that outlines the data we collect and how we process it. For a copy of this agreement, please contact us at [email protected]. Our DPA ensures that we process personal data in compliance with GDPR requirements and that we only collect and use data for legitimate purposes outlined in our Privacy Policy.

Limited Purpose: We process data solely for the purpose of providing cloud storage services. We do not use your data for any other purposes without your explicit consent. By limiting the purposes for which we process data and obtaining user consent when necessary, we ensure that our data processing activities are lawful, fair, and transparent, in accordance with GDPR principles.

Data Deletion: Users have the right to request the deletion of their data from our servers. Upon termination of service or upon request, we promptly delete all data associated with the user's account. We have implemented automated processes to facilitate data deletion requests and ensure that user data is securely erased from our systems in a timely manner.

Processing Activity Tracking: We maintain records of our processing activities in compliance with GDPR. Users can access this information through the Filemium user panel, which logs relevant details such as date, file names, and total storage usage. By providing users with visibility into how their data is being processed, we promote transparency and accountability in our data processing practices.

Security Measures

Firewall Protection: Our servers are protected by a robust firewall system to prevent unauthorized access. We regularly update and monitor our firewall rules to adapt to emerging threats and ensure that our systems are protected against external attacks.

Web Application Firewall (WAF) and Cloudflare: We utilize additional security measures, including WAF and Cloudflare, to proactively block potential threats and mitigate DDoS attacks. By implementing multiple layers of defense, we minimize the risk of security breaches and ensure the integrity and availability of our services.

Logging Practices

Log Management: We maintain logs for the purpose of improving our services, debugging issues, and preventing fraud. These logs are retained for a maximum of one month from the collection date and are used exclusively for monitoring and debugging purposes. We implement strict access controls and encryption mechanisms to protect log data from unauthorized access and ensure that it is only accessed by authorized personnel for legitimate purposes.

This update includes ongoing efforts to enhance our GDPR compliance measures and strengthen our security protocols. We continuously review and update our practices to adapt to evolving threats and regulations, ensuring the highest standards of data protection for our users. By staying informed about changes in the regulatory landscape and investing in technology and processes to mitigate risks, we demonstrate our commitment to protecting user privacy  and data security.

At Filemium, we are committed to ensuring the security and privacy of your data. Should you have any questions or concerns regarding our GDPR compliance or data handling practices, please don't hesitate to reach out to us at [email protected]. We value your feedback and are always looking for ways to improve our services and strengthen our commitment to data protection and privacy.

Update: 10.02.2024