Legal
Privacy Policy
Last updated: April 2026 · Version 2.0
SecureLync is built around a privacy-first architecture. This policy explains exactly what personal information we collect, why we collect it, how it is protected, and what your rights are. We are committed to compliance with the Protection of Personal Information Act (POPIA) of the Republic of South Africa and applicable international privacy standards.
01
Who We Are – Responsible Party
SecureLync is operated by an individual based in the Republic of South Africa. As the operator of this service, we are the "Responsible Party" under POPIA in respect of all personal information processed through SecureLync.
Contact for privacy matters: privacy@securelync.com
02
What Personal Information We Collect
SecureLync collects the minimum personal information needed to operate the service:
- Account credentials – username and email address (stored encrypted using AES-256-GCM). Passwords are hashed using PBKDF2-SHA256 at 100,000 iterations and are never stored in recoverable form. A one-way HMAC index of the email is stored separately for lookup purposes, but cannot be used to reconstruct the email address.
- Download events – the timestamp, approximate geolocation (city and country), IP address, and file category of each file download. Every field is individually encrypted using AES-256-GCM before being written to the database. This data is accessible only to the authenticated sender (you) through your dashboard.
- Session identifiers – a cryptographically random 256-bit session ID stored in an HttpOnly, Secure, SameSite=Strict cookie. Sessions expire after 2 hours and are invalidated on logout and password change.
- File metadata – original filename, file size, MIME type, and the per-file encryption key. All fields are encrypted in the database. Encrypted file blobs are stored in Cloudflare R2 object storage.
- Disclaimer acknowledgements – a record that a recipient confirmed the Terms of Service before downloading, including a timestamp and encrypted IP address. Used solely for legal audit purposes.
- Account preferences – your settings (auto-clear toggles, display preferences) stored server-side to enable the automated cleanup service.
- Activity timestamps – a timestamp of your last authenticated activity, used solely to determine eligibility for the 30-day inactive account cleanup.
03
What We Do NOT Collect
- File contents – we never read, scan, or store decrypted file data. Only encrypted blobs reach our infrastructure and they are never decrypted by us.
- Browsing behaviour, page analytics, session recordings, or advertising identifiers.
- Cross-site tracking cookies of any kind.
- Precise GPS or device location – only city/country level geolocation from IP address.
- Any personal information about recipients beyond what is logged in a download event.
04
Legal Basis for Processing (POPIA)
We process personal information on the following legal grounds under POPIA:
- Contract performance – processing credentials, session data, and file metadata is necessary to deliver the service you have subscribed to.
- Legitimate interest – download event logging is in the legitimate interest of the sender to monitor their own file distribution. Disclaimer acknowledgement logging is in the legitimate interest of operating a legally defensible service.
- Legal obligation – retention of disclaimer acknowledgements and cooperation with lawful law enforcement requests is required by applicable law.
05
Encryption Architecture
SecureLync uses a layered encryption model to protect all stored personal information:
- File content – AES-256-GCM, key generated in your browser, never transmitted to our servers. The decryption key lives only in the share URL and is never included in HTTP requests.
- All database fields containing personal data – individually AES-256-GCM encrypted using server-side keys derived from a secure infrastructure secret. This includes filenames, file sizes, MIME types, IP addresses, geolocation data, email addresses, and download timestamps.
- Passwords – PBKDF2-SHA256 with 100,000 iterations. Never stored in recoverable form.
All personal data stored by SecureLync is encrypted at rest. Your files are additionally encrypted client-side before upload – two independent layers of encryption protect file contents.
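An added illustration (not SecureLync's code) of the password hashing and one-way email lookup index described in sections 02 and 05, using only Python's standard library. The salt length, demo index key, email normalisation and the `register`/`login` helpers are assumptions made for the example; AES-256-GCM field encryption is not shown.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 100_000   # iteration count stated in the policy
SALT_BYTES = 16               # assumption: the policy does not state a salt length
INDEX_KEY = bytes(range(32))  # constructed demo key; a real one is a separate secret
_DUMMY_SALT = b"\x00" * SALT_BYTES

accounts = {}  # hypothetical store: email index -> {"salt", "pw"}


def hash_password(password, salt=None):
    """Return (salt, derived_key) from PBKDF2-HMAC-SHA256."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt, PBKDF2_ITERATIONS)
    return salt, dk


def email_index(email, key=INDEX_KEY):
    """Keyed one-way lookup value: equal emails map to equal indexes, and
    without the key the value cannot be tested against guessed addresses."""
    normalised = email.strip().lower()  # assumption: case-insensitive matching
    return hmac.new(key, normalised.encode("utf-8"), hashlib.sha256).hexdigest()


def register(email, password):
    salt, dk = hash_password(password)
    # The email itself would be stored only as ciphertext (not shown here).
    accounts[email_index(email)] = {"salt": salt, "pw": dk}


def login(email, password):
    record = accounts.get(email_index(email))
    if record is None:
        hash_password(password, _DUMMY_SALT)  # same work for unknown emails
        return False
    _, dk = hash_password(password, record["salt"])
    return hmac.compare_digest(dk, record["pw"])  # constant-time comparison


if __name__ == "__main__":
    register("Alice@Example.com", "correct horse battery staple")
    print(login("alice@example.com", "correct horse battery staple"))  # True
    print(login("alice@example.com", "wrong password"))                # False
```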
06
Third-Party Services and Cross-Border Transfers
SecureLync uses the following third-party services to operate. By using SecureLync, you acknowledge that data may be processed outside South Africa:
- Cloudflare (USA / Global) – all compute, file storage (R2), and database (D1) infrastructure. Cloudflare processes request metadata as part of service delivery. Cloudflare is certified under standard contractual clauses for international data transfers. See Cloudflare's Privacy Policy.
- VirusTotal / Google (USA) – a SHA-256 hash fingerprint of each uploaded file is submitted for threat scanning. The actual file content is never transmitted. VirusTotal may retain hash data per their own policy.
- MalwareBazaar / abuse.ch (Switzerland) – file hashes are checked against this threat intelligence database. No file content is transmitted.
- CIRCL Hashlookup (Luxembourg) – hashes are checked against this known-safe file reference database. No file content is transmitted.
- Pusher / Pusher Ltd (UK) – sends a real-time signal to your dashboard when a file is downloaded. The signal contains no personal data – only an anonymous channel identifier.
- ip-api.com – download IP addresses are resolved to approximate city and country for display in your analytics dashboard. The resolved location is stored encrypted. ip-api.com processes the raw IP as part of this lookup.
- Google Fonts, jsDelivr, cdnjs (Global) – serve fonts and open-source JavaScript libraries. These CDNs may log your IP address as part of standard delivery infrastructure.
As SecureLync's infrastructure is operated by Cloudflare, your personal data is processed on servers located globally, including outside the Republic of South Africa. By using SecureLync, you consent to this international transfer. Cloudflare's infrastructure complies with applicable data protection standards.
07
Data Retention
We retain personal information only as long as it is needed for the purpose for which it was collected:
- Encrypted file bytes – deleted automatically from storage when a token expires (within the next hourly cleanup run), or immediately when you delete a token.
- Token records and file metadata – retained until you delete them manually, until your auto-clear settings remove them, or until account deletion.
- Download event records – retained until you delete them, or until account deletion. They are intentionally preserved when token records are auto-cleared, as they represent your download analytics.
- Session data – expires after 2 hours. Deleted on logout or password change.
- Disclaimer acknowledgements – retained indefinitely for legal compliance purposes. These records are minimal (token ID, encrypted IP, timestamp) and do not contain file contents.
- Account credentials and all associated data – permanently and irrecoverably deleted when you delete your account. No retention period applies.
- Inactive accounts – if an account has had no authenticated activity for 30 consecutive days, all tokens, files, and download history are deleted in the next hourly cleanup run, regardless of auto-clear settings. Credentials are retained until you explicitly delete your account.
08
Your Rights Under POPIA
As a data subject under the Protection of Personal Information Act, you have the following rights:
- Right of access – you may request a copy of the personal information we hold about you.
- Right to correction – you may update your username and email address from your dashboard at any time. For other corrections, contact us.
- Right to deletion (erasure) – you may permanently delete your account and all associated personal data from your dashboard (☰ → Account → Delete My Account). Deletion is immediate and irreversible.
- Right to object – you may object to the processing of your personal data by contacting us at the address below.
- Right to lodge a complaint – if you believe we have violated POPIA, you may lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.
To exercise any of these rights, contact us at privacy@securelync.com. We will respond within 30 days as required by POPIA.
09
Security Measures
We implement the following technical and organisational measures to protect personal information:
- AES-256-GCM encryption of all personal data fields stored in the database
- PBKDF2-SHA256 password hashing with 100,000 iterations
- CSRF token protection on all state-changing requests
- Rate limiting on authentication and sensitive API endpoints
- HttpOnly, Secure, SameSite=Strict session cookies
- Session invalidation on logout and password change
- Automatic session expiry after 2 hours of inactivity
- Server-enforced Terms of Service acknowledgement gate before file metadata is transmitted
10
Children's Privacy
SecureLync is not directed at children under the age of 16. We do not knowingly collect personal information from anyone under 16. If you become aware that a minor under 16 has created an account or shared content through SecureLync, please contact us immediately at the address below and we will delete the account and associated data promptly.
11
Changes to This Policy
We may update this policy from time to time to reflect changes in the law, our practices, or our service. The version number and date at the top reflect the most recent revision. Material changes will be indicated by an updated version number. Continued use of SecureLync after changes constitutes acceptance of the updated policy.