Our Privacy Policy

This Privacy Policy (“Policy”) explains how MoreTransfer (“we,” “our,” or “us”) collects, uses, stores, and protects personal data in connection with our website and file-transfer services (collectively, the “Services”).

Our Services allow users to securely upload, share, and transfer digital files such as documents, photos, videos, designs, and other content (“User Content”) through our online platform.

By using our website or Services, you acknowledge that you have read and understood this Privacy Policy.

This Policy applies to all personal data processed by MoreTransfer in our capacity as a data controller, meaning we determine the purposes and methods of processing personal data when you interact with our Services.

n some cases, such as when we process User Content or transfer data on behalf of another party, we may act as a data processor. In those situations, processing is governed by our Data Processing Agreement (DPA), which outlines how we handle data in accordance with Article 28 of the GDPR.

We are committed to handling your personal information lawfully, transparently, and securely, in compliance with the General Data Protection Regulation (EU 2016/679) (“GDPR”) and other applicable privacy laws.

1. Data Controller & Contact Information

MoreTransfer (“we,” “us,” or “our”) is the entity responsible for determining the purposes and means of processing personal data collected through theMoreTransfer platform and related services. We operate primarily online and are committed to handling personal information lawfully, transparently, and securely in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR).

Your data controller is MoreTransfer, which can be contacted by email at support@moretransfer.com for all matters related to privacy, data protection, or this Policy. You may also reach us by mail at 2332 Galiano Street, 2nd Floor, Coral Gables, Miami, FL 33134, United States.

If you have any questions or requests regarding your personal data, or wish to exercise your rights under the GDPR or other applicable laws, please contact our privacy team using the details above. For questions specifically about this Privacy Policy or how we handle your personal data, you may also contact our Data Protection Officer (DPO) or privacy representative at the same address and email.

2. What Data We Collect

We collect only the data necessary to provide, secure, and improve the MoreTransferServices. The types of data we may collect include:

a. Personal Data

Information you provide or that is automatically collected when using our Services, such as:

• Email address (for sending or receiving transfers, account management, or support)
• IP address and device information (for security and fraud prevention)
• Browser type, operating system, and user agent data (to ensure compatibility and performance)

b. File Data

When you upload files through our platform, we collect limited metadata such as:

• File names, sizes, and types
• Upload and download timestamps
• Transfer identifiers and status

We do not access, view, or analyze the contents of your files unless explicitly required to investigate technical issues, security incidents, or comply with applicable law.

c. Payment and Subscription Data

If you purchase a paid plan, your payment details (such as card information) are processed securely by our payment provider, Stripe. MoreTransfer does not store or have direct access to your full payment information. We receive only limited data necessary for billing and account management, such as transaction IDs and payment status.

d. Logs and Analytics

We maintain technical and usage logs to monitor the stability, performance, and integrity of our Services. This may include:

• IP addresses and timestamps of transfers
• Download and view counts
• Error logs and performance metrics

e. Recipient Data

When you send a transfer to others, we collect the recipient’s email address and associate it with your transfer so that we can deliver the files and notify them of availability. Recipients’ email addresses are used solely for this purpose.

3. How Data Is Collected

We collect personal and technical data in several ways to operate and improve theMoreTransfer Services:

a. Directly from You

Information you voluntarily provide when using our Services, such as:

• Uploading or sending files
• Entering recipient email addresses
• Registering for an account or subscription
• Making a payment or contacting support

b. Automatically When You Use Our Services

Certain information is collected automatically through standard web technologies to ensure proper functionality and security, including:

• IP address and approximate location (for security and fraud prevention)
• Transfer activity, such as upload and download events

c. Cookies and Similar Technologies

We may use cookies or similar technologies to remember preferences, improve performance, and analyze usage trends. You can manage or disable cookies through your browser settings, but doing so may affect how some features work.

d. Through Third-Party Services

When you make payments, analytics events, or use integrations, limited information may be collected through trusted third-party providers (e.g., Stripe for payments or analytics tools for usage data). These services operate under their own privacy policies and comply with applicable data-protection laws.

4. Purpose & Legal Basis for Processing

We process personal data only when there is a clear and lawful basis to do so.MoreTransfer collects and processes data for the following purposes:

a. To Deliver and Operate the Service

We process your personal and technical data to provide the core functionality ofMoreTransfer, including:

• Uploading, transferring, and downloading files
• Managing transfer links, expiry settings, and delivery options
• Sending transfer notifications to recipients
• Managing user accounts, subscriptions, and billing details

This processing is necessary to perform the contract between you and MoreTransfer when you use our Services.

b. To Verify Identity and Ensure Reliable Delivery

We may process your email address to verify your identity and confirm transfer ownership, ensuring that your files are delivered to the correct recipients. This verification protects both senders and recipients from unauthorized use of the Service.

c. To Prevent Abuse and Maintain Security

We collect technical and behavioral data such as IP addresses, device details, and usage patterns to detect and prevent fraudulent, abusive, or malicious activity. This also helps maintain platform stability, safeguard stored files, and ensure fair use of our infrastructure. Our legitimate interest lies in maintaining a secure, reliable, and trustworthy service for all users.

d. To Improve and Develop the Platform

We analyze anonymized and aggregated usage data through PostHog, our self-hosted analytics platform, to understand user behavior, identify feature needs, and optimize performance. This allows us to continuously enhance the Service while minimizing the use of personally identifiable data.

e. To Comply with Legal Obligations

Certain data must be retained or processed to meet regulatory, accounting, and tax requirements example, maintaining transaction records, responding to lawful requests, or complying with data-protection and consumer laws.

f. To Send Optional Communications (Consent)

With your explicit consent, we may use your contact information to send non-essential communications such as newsletters, product updates, beta invitations, or early-access programs. You may withdraw consent at any time by following the unsubscribe instructions in these communications or contacting us directly.

We do not process personal data for purposes unrelated to those described above without obtaining additional consent or providing clear notice in advance.

5. Data Storage & Retention

We take data security and minimal retention seriously. All personal data and file transfers are stored securely in data centers located within the European Union to ensure compliance with applicable data protection laws.

a. Secure Storage

Files and related data are encrypted both in transit and at rest. Access is strictly limited to authorized systems and personnel who require it to operate or maintain the Service.

b. Metadata and Account Information

Account details, transfer metadata, and related records are stored in secure databases designed for reliability and integrity. These systems are monitored and maintained to protect against unauthorized access, loss, or corruption.

c. Retention of Transfers

Uploaded files and associated data are automatically deleted once they expire or after the defined retention period set by the user’s plan. This ensures that files do not remain accessible longer than necessary to deliver the Service.

d. Backups and Disaster Recovery

Encrypted backups are maintained solely for the purpose of disaster recovery and service continuity. These backups are retained for limited periods and are permanently deleted once no longer required.

e. General Retention Policy

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, including meeting legal, accounting, or reporting obligations. When personal data is no longer needed, it is securely deleted or anonymized.

6. Security Measures

We implement industry-standard security practices to protect personal data and file transfers against unauthorized access, alteration, disclosure, or destruction. Security is integral to how MoreTransfer is designed and operated.

a. Encryption

All files and personal data are encrypted both in transit and at rest using modern cryptographic standards (TLS 1.2+ for data in transit). This ensures that uploaded files, user information, and metadata cannot be read or modified by unauthorized parties.

b. Access Controls

Access to stored data is restricted through role-based permissions and the principle of least privilege. Only authorized personnel with a legitimate operational need are granted access to systems handling user data. Access activities are logged and periodically reviewed.

c. Monitoring and Incident Response

We continuously monitor system performance and security indicators to detect irregular activity, potential breaches, or misuse. If a data breach is suspected or confirmed, we follow a documented incident response plan that includes prompt containment, investigation, and notification in accordance with GDPR requirements.

d. Authentication and Token Security

Session and authentication tokens used to verify user identity are subject to strict expiration and refresh policies to reduce the risk of unauthorized access. Tokens are securely generated, stored, and invalidated upon logout or after defined inactivity periods.

e. Ongoing Review

We regularly review and update our security practices, infrastructure configurations, and encryption standards to align with evolving industry best practices and compliance obligations.

7. Third-Party Processors

To operate and deliver the MoreTransfer Services, we rely on carefully selected third-party service providers (“processors”) who assist in hosting, payment processing, storage, email delivery, and analytics. Each processor is contractually bound by a Data Processing Agreement (DPA) to ensure compliance with the General Data Protection Regulation (GDPR) and to maintain the confidentiality, integrity, and security of personal data.

We currently use the following processors:

• Cloudflare – for file storage and content delivery Cloudflare Data Processing Addendum
• Amazon Web Services (AWS) – for hosting and database infrastructure AWS Data Processing Addendum
• Stripe – for secure payment processing and subscription management. Stripe Data Processing Agreement
• Email Service Providers – for transactional and notification emails Resend DPA

All third-party processors are chosen based on their commitment to strong privacy and security standards. Data shared with these providers is limited to what is necessary for the performance of their specific functions.

8. Data Transfers Outside the EU

While MoreTransfer strives to store and process data within the European Union (EU) whenever possible, certain components of our infrastructure currently operate in North America and the EU. Specifically, our databases and file storage systems are hosted in secure data centers located in these regions to ensure reliability and performance.

This means that some personal data may be transferred to, or accessed from, countries outside the European Economic Area (EEA). When such transfers occur, we take appropriate safeguards to ensure that your data remains protected to a standard equivalent to that required under the General Data Protection Regulation (GDPR).

These safeguards include:

• EU Standard Contractual Clauses (SCCs): Legally binding agreements approved by the European Commission that ensure adequate protection of personal data when transferred internationally.
• Encryption and Access Controls: All data is encrypted in transit and at rest, and access is restricted to authorized personnel only.
• Data Minimization: Only the minimum data necessary for service delivery or technical operation is transferred or accessed outside the EU.

Our third-party providers (e.g., payment processors, analytics, and email services) are contractually required to handle data in compliance with GDPR and to use EU Standard Contractual Clauses or equivalent mechanisms where applicable.

We continuously review our infrastructure and supplier relationships to ensure ongoing compliance with EU data protection standards.

9. User Rights

Under the General Data Protection Regulation (GDPR), you have several rights concerning your personal data. MoreTransfer is committed to helping you exercise these rights easily and transparently.

a. Right of Access

You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data, along with information about how it is used.

b. Right to Rectification

If any personal data we hold about you is inaccurate or incomplete, you have the right to request that it be corrected or updated.

c. Right to Erasure (“Right to Be Forgotten”)

You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent (where applicable). Certain data may be retained where required by law or for legitimate business purposes, such as security or financial record-keeping.

d. Right to Data Portability

You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format and to transfer that data to another service provider, where technically feasible.

e. Right to Withdraw Consent

If we process your data based on your consent-such as for newsletters or early-access programs-you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

f. Right to Object or Restrict Processing

You have the right to object to processing carried out under legitimate interests or to request that we temporarily restrict the use of your data while a complaint or correction is being resolved.

g. Right to Lodge a Complaint

If you believe that your personal data has been processed unlawfully or that your rights have not been respected, you may file a complaint with your local supervisory authority within the European Union. A list of supervisory authorities is available here.

To exercise any of these rights, please contact us at support@moretransfer.com. We will respond to all valid requests within the time frames required by applicable data-protection laws.

10. Cookies & Tracking

MoreTransfer uses cookies and similar technologies only when necessary to operate and improve the Service. Cookies are small text files stored on your device that help us provide essential features, enhance security, and analyze usage in a privacy-respectful way.

a. Types of Cookies Used

• Essential Cookies: Required for core functionality, such as enabling file uploads, transfer progress, and secure access to your account. These cannot be disabled because they are necessary for the Service to function properly.
• Analytics Cookies: Used to understand how users interact with our website so we can improve usability and performance. These cookies may collect anonymized data such as page visits, clicks, and time spent on the site.

b. Analytics Tools

We use PostHog, a privacy-focused analytics platform, to analyze aggregate usage trends and feature performance. PostHog does not sell, share, or track identifiable personal data across websites. You can learn more about PostHog’s privacy practices here.

c. Managing Cookies

You can manage or disable cookies through your browser settings. Most browsers allow you to block or delete cookies, but doing so may affect the performance or functionality of certain features.

d. Opt-Out Options

If you prefer not to be included in analytics tracking, you can opt out of PostHog analytics at any time by declining cookie usage when the cookie consent banner is shown or by enabling the “Do Not Track” setting in your browser. We respect this signal and automatically exclude such sessions from tracking.

11. Data Breach Notification

We take every reasonable measure to protect personal data from loss, misuse, and unauthorized access. However, in the unlikely event of a data breach involving personal data, MoreTransfer will promptly investigate the incident and take steps to mitigate its impact.

If a breach is confirmed to pose a risk to individuals’ rights and freedoms, we will notify the appropriate data protection authority within 72 hours of becoming aware of it, as required by the General Data Protection Regulation (GDPR).

Where the breach is likely to result in a high risk to affected individuals, we will also notify those users directly without undue delay, providing clear information about:

• The nature of the breach
• The data potentially affected
• The steps we are taking to address it
• Recommended actions users can take to protect themselves

We maintain detailed incident response and breach management procedures to ensure timely and transparent communication in such events.

12. Policy Updates

This Privacy Policy may be updated periodically to reflect changes in our practices, technologies, or legal requirements. When updates are made, the “Last Updated” date at the top of this page will be revised accordingly.

If we make significant changes that affect your rights or how we process your personal data, we will provide clear notice, such as by email or a prominent message on our website-before the new terms take effect.

We encourage users to review this Policy regularly to stay informed about how we protect their information. Continued use of the Service after any changes are published will constitute acceptance of the updated Policy.