Privacy Policy
Effective date: March 24, 2026
TransferSecure ("we", "us", or "our") is operated by Rudra Coresoft Technologies Private Limited. This Privacy Policy explains how we collect, use, store, and protect your information when you use our file transfer service at transfersecure.ai (the "Service").
By using TransferSecure, you agree to the collection and use of information as described in this policy.
1. Information We Collect
1.1 Information you provide
- Account information -username, email address, and password (stored as a salted hash; we never store plaintext passwords).
- Transfer details -sender name, sender email, recipient email addresses, optional transfer title, and optional message.
- Verification codes -one-time passwords (OTPs) generated for email verification; these expire after 10 minutes and are deleted after use.
- Payment information -if you subscribe to a paid plan, payment details are processed by DODO Payments. We do not store your full card number.
- Support communications -if you contact us or submit an issue report, we collect the content of your message, email, and any attachments.
1.2 Information collected automatically
- Log data -IP address, browser type, pages visited, and timestamps. IP addresses associated with download events are stored as irreversible hashes.
- Cookies -session cookies for authentication and CSRF cookies for security. No advertising or third-party tracking cookies.
- Device information -operating system, browser version, and screen size collected via standard HTTP headers.
1.3 Information we do NOT collect
- We do not read, scan, or analyse file contents for advertising, profiling, or any purpose other than virus scanning.
- We do not use third-party analytics trackers, advertising pixels, or social-media widgets.
2. How We Use Your Information
- Provide the Service -create accounts, process uploads, generate download links, deliver email notifications, and enforce transfer expiry.
- Security -scan uploaded files for malware, authenticate users, prevent abuse, and detect unauthorized access.
- Communicate -send transactional emails only (verification codes, transfer notifications, download alerts, password resets). We never send marketing emails.
- Improve the Service -diagnose errors, monitor performance, and plan capacity using aggregated, non-identifying metrics.
- Legal obligations -comply with applicable laws, regulations, or valid legal requests.
3. File Handling & Virus Scanning
Files you upload are stored on Secure Cloud infrastructure. Every file is automatically scanned for viruses and malware before the transfer is made active.
- Files that fail the virus scan are quarantined and may be permanently deleted.
- We do not access file contents for any purpose other than virus scanning.
- Files are automatically deleted when the transfer expires or when you delete a transfer.
4. Data Storage & Retention
| Data type | Retention period |
|---|---|
| Account data | Until you delete your account |
| Uploaded files | Until transfer expiry or manual deletion by sender |
| Transfer metadata | Deleted when the transfer expires or is deleted by the sender |
| Verification codes (OTPs) | 10 minutes (auto-expire) |
| Orphaned uploads (never confirmed) | Automatically cleaned up within 2 hours |
| Hashed download event logs | Deleted when the associated transfer is deleted |
| Support tickets & issue reports | 1 year |
5. Data Sharing & Third Parties
We do not sell, rent, or trade your personal data. We share information only with:
- Secure Cloud -to store and deliver your uploaded files.
- Email provider -to deliver transactional emails (verification codes, transfer notifications).
- DODO Payments -to process subscription payments (paid plans only).
- Law enforcement -only when required by a valid legal order (subpoena, court order, or equivalent).
All third-party providers are bound by their own privacy policies. We select providers that maintain industry-standard security practices.
6. Security
- All data in transit is encrypted via TLS / HTTPS.
- Files at rest are stored in encrypted object storage.
- User passwords are hashed using Django's PBKDF2 algorithm with a unique salt per user.
- Transfer passwords are hashed using PBKDF2 with a unique salt.
- Download event IP addresses are stored as irreversible hashes, not plaintext.
- Session authentication with CSRF protection is enforced on all state-changing operations.
While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Cookies
We use only essential cookies:
| Cookie | Purpose | Duration |
|---|---|---|
sessionid | Keeps you logged in | Browser session |
csrftoken | Protects against cross-site request forgery | Browser session |
We do not use analytics, advertising, or social media cookies.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access -request a copy of the personal data we hold about you.
- Rectification -correct inaccurate personal data.
- Deletion -delete your account and all associated data via Settings.
- Data portability -request your data in a structured, machine-readable format.
- Withdraw consent -where processing is based on consent, withdraw it at any time.
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
9. Children's Privacy
TransferSecure is not intended for children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Effective date" at the top of this page. Continued use of the Service after changes constitutes your acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices:
- Rudra Coresoft Technologies Private Limited
- Email: [email protected]
- Web: rudracoresoft.com