When using the website, you will be asked to provide certain personal information and personal data. With this statement we would like to inform you how your personal data is collected, used and protected and under which circumstances personal data is passed on to third parties.
ySendit protects the rights of site visitors to their personal data and complies with German data protection laws and the EU Data Protection Regulation (DSGVO) of 25 May 2018.
We collect your data in order to provide the core functionalities of our file sharing service and to be able to continuously improve our services for you. In doing so, we limit ourselves to the collection of data that is required to provide those services that you use on ySendit.
The following data is stored in order to provide the core functionality of ySendit:
The security of personal data is of great importance to ySendit. We make every effort to ensure the security of your personal data with the measures usual on the Internet, but we cannot guarantee that data will not be lost, misused or altered.
You have the possibility to encrypt (AES 256 bit) a transmission during the creation with a self chosen password. The chosen password will be SSL-encrypted and transferred to our servers and immediately hashed over PBKDF2. We use two randomly generated salts (32 characters) to get two different hashes (256 bit each) of your password. One of the hashes (and the salt used) is stored in our database, so that we can check the password entered when downloading the Transfer. With the other hash we encrypt your transmission data according to AES-256 Bit. In doing so, we store only the salt used for the encryption hash in the database. The password used and the hash used for the encryption is not stored at any time. Thus your files can only be decrypted with the password you enter on the download page. The entered passwords are not intercepted by us and are not stored on our servers. We have therefore no possibility to view your encrypted file transfers.
Most of the other Transfer data (including files, message to the receiver & recipient emails) is stored in encrypted form. Upload-Id, size, file name, sharing method and expiration date are not stored encrypted for technical reasons.
Furthermore, we offer the possibility to automatically delete Transfers and the corresponding uploaded files. If this option is active, the entire Transfer will be completely deleted after the first download (*) (at the latest on the expiry date). For Transfers via email and activated Auto Delete, each recipient can only download the file once. If all recipients have downloaded the file, or if the expiry date has been reached, the Transfer will be completely deleted. (*)
(*) Please see section "Deletion of data" for detailed infomration.
If there are reasons for us to believe that data security cannot be guaranteed or is being misused, we may deactivate your password or currently active session and notify you accordingly.
In order to continuously improve our site and adapt it to your needs, we need to collect and log data on the use of the site, the most frequently visited areas of the site, duration of use, average usage times and other information.
We use the following technical means for this purpose:
An IP (Internet Protocol) address is a number that is automatically assigned to your computer when you surf the Internet. The servers that manage the homepages can recognize your computer by this number. In this way we can determine how the site is used by the various IP addresses. However, we store personal and usage-based data anonymously (without connection to the IP used). We also use the IP address to determine the location of access to our website. The location is stored together with the SessionID. This is done anonymously, the location is not linked to a user.
We also collect device-specific data such as browser type or operating system.
Data acquisition when downloading a Transfer
We anonymously log every download of a Transfer. The respective log is deleted after the end of the Transfer but is kept a minimum of 14 days.
For analysis purposes we use Hotjar only on our upload site. There we collect information about the browser you use, your location and your click behaviour. We don't track key stroke events or record your user input. Hotjar is also used when sending us a feeback via the widget on the left side of our site. Collected data will be made anonymous. Please inform yourself on their pages about data collection from end customers (https://www.hotjar.com/privacy/)
We use Google Analytics to analyze website usage. The data obtained from this is used to optimize our website and advertising measures. The following data, among other things, is recorded during your website visit: Pages accessed, achieving "website goals" (e.g. contact requests and newsletter registrations), your behavior on the pages (e.g. clicks, scrolling behavior and length of stay), your approximate location (country and city), your IP address (in abbreviated form so that no clear assignment is possible), technical information such as browser, internet provider, device and screen resolution, source of origin of your visit (i.e. via which website or which advertising material you came to us), this data is transmitted to a Google server in the USA. Google observes the data protection provisions of the "EU-US Privacy Shield" agreement.
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognized on future website visits.
The recorded data are saved together with the randomly generated user ID, which enables pseudonymous user profiles to be evaluated. This user-related data is automatically deleted after 14 months. Other data are stored indefinitely in aggregated form.
Except as described below, we do not share information with third parties unless we have notified you when collecting the information and you have consented.
Personal data of our customers or former customers will only be passed on to third parties in the following cases:
In accordance with the DSGVO, we only store your data for as long as we need it to provide our service. For this reason, the following data is regularly deleted:
When you visit our site, you may be directed to Internet sites of third parties over which we have no control. These links are provided to make it easier for you to use the service. The use of the sites of third parties is at your own risk.
When using our website ysendit.com, our public file sharing service or a private instance of ySendit, we assume that you have read this disclaimer carefully, agree to it and abide by the rules contained therein.
When using this website, every user will be informed about the applicable data protection regulations as well as the terms and conditions. If he agrees to these, the use is possible within the framework of the tos. In the event that a user cannot agree to these applicable provisions (or, if applicable, individual areas), the use of ySendit as a whole is not possible.
If you cannot agree to the current content of this statement or future changes, we would ask you to stop using the ySendit service.
The place of jurisdiction for all disputes arising from legal relationships with ySendit shall be the company's registered office.