Privacy Policy

How we protect your privacy and handle your data

Last updated: June 14, 2025

Privacy Summary

Zero Knowledge
We cannot see your files or encryption keys
No Personal Data
No registration or personal information required
Automatic Deletion
Files automatically deleted after expiry

1. Introduction

Welcome to NookFile. This Privacy Policy explains how we collect, use, process, and protect your information when you use our secure file transfer service operated by Andaman OÜ. We are committed to protecting your privacy and have designed our service with privacy-by-design principles.

Important: NookFile uses zero-knowledge architecture, which means we cannot access, view, or decrypt your files. Your files are encrypted in your browser before being uploaded to our servers.

2. Information We Collect

2.1 Information We DO NOT Collect

  • Personal identifying information (names, emails, phone numbers)
  • Account registration data (we don't require accounts)
  • File contents or file names (files are encrypted client-side)
  • Encryption keys (these remain in your browser)
  • Passwords for password-protected shares
  • Browsing history or tracking cookies

2.2 Technical Information We Collect

  • Share Metadata: Share ID, creation time, expiry time, file count, total file size (not individual file names)
  • Anonymous Usage Data: Number of downloads per share, general geographic region (country level)
  • Technical Logs: IP addresses (temporarily for rate limiting and abuse prevention), browser user agent strings
  • Error Logs: Technical error information for service improvement (no personal data)

2.3 Encrypted Data Storage

We store your files in encrypted form only. These encrypted files cannot be decrypted by us or anyone else without the encryption key that remains in your browser and is embedded in the share URL.

3. How We Use Information

The limited information we collect is used only for:

  • Service Operation: Managing file uploads, downloads, and automatic deletion
  • Security: Preventing abuse, spam, and protecting against malicious activities
  • Performance: Monitoring service performance and uptime
  • Legal Compliance: Meeting legal obligations and responding to lawful requests

We do not: Sell your data, share it with advertisers, use it for marketing, or analyze your files for any purpose.

4. Data Sharing and Disclosure

4.1 No Data Sales

We do not sell, rent, or trade any information to third parties.

4.2 Service Providers

We use trusted cloud infrastructure providers (Cloudflare R2) to store encrypted files. These providers cannot decrypt your files as they do not have access to encryption keys.

4.3 Legal Requirements

We may disclose information if required by law, court order, or government regulation. However, due to our zero-knowledge architecture, we cannot provide access to file contents even if requested.

5. Data Security

5.1 Encryption

  • All files are encrypted with AES-256-GCM before leaving your browser
  • Encryption keys are generated in your browser and never transmitted to our servers
  • All data in transit is protected with TLS encryption

5.2 Infrastructure Security

  • Secure cloud infrastructure with enterprise-grade security controls
  • Regular security audits and monitoring
  • Access controls and logging for all system access

5.3 Automatic Deletion

All files are automatically and permanently deleted after the expiry period (maximum 7 days). This ensures your data doesn't remain on our systems longer than necessary.

6. Data Retention

  • Encrypted Files: Deleted automatically after 1-7 days based on user selection
  • Share Metadata: Deleted with the files after expiry
  • Access Logs: Retained for 30 days for security and abuse prevention
  • Error Logs: Retained for 90 days for service improvement

Once deleted, data cannot be recovered by anyone, including NookFile staff.

7. International Data Transfers

Your encrypted files may be stored in data centers in various countries through our cloud infrastructure provider. Since all files are encrypted with keys that never leave your browser, your data remains protected regardless of where it is stored geographically.

8. Your Rights

Since we don't collect personal information, traditional data protection rights like access and correction don't apply. However:

  • Control: You control your files and can delete them anytime before expiry
  • Anonymity: You can use our service without providing any personal information
  • Transparency: This policy and our security documentation explain exactly how your data is handled

9. Children's Privacy

Our service does not knowingly collect personal information from children under 13. Since we don't require registration or collect personal information, our service can be used by minors with appropriate parental guidance.

10. Cookies and Tracking

NookFile does not use tracking cookies or analytics services. We only use essential technical cookies required for the service to function (session management, security features).

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last modified" date. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Information

If you have questions about this Privacy Policy or our privacy practices, you can contact us:

Company: Andaman OÜ
Address: Lõõtsa tn 5, Tallinn, Estonia 11415
Email: business#andaman.eu

For general questions, please review our FAQ section or security documentation first.

Security InformationFAQTerms of Service