Last updated April 2023
When using the website or ysendit apps you will be asked to provide certain personal information and personal data. With this statement we would like to inform you how your personal data is collected, used and protected and under which circumstances personal data is passed on to third parties.
ysendit protects the rights of site visitors and app users to their personal data and complies with German data protection laws and the EU Data Protection Regulation (DSGVO) of 25 May 2018.
You can also revoke your consent for analytics and cookies in the ysendit apps: Go to Setup > delete data
We collect your data in order to provide the core functionalities of our file sharing service and to be able to continuously improve our services for you. In doing so, we limit ourselves to the collection of data that is required to provide those services that you use on ysendit.
The following data is stored in order to provide the core functionality of ysendit:
The security of personal data is of great importance to ysendit. We make every effort to ensure the security of your personal data with the measures usual on the Internet, but we cannot guarantee that data will not be lost, misused or altered.
You have the possibility to encrypt (AES 256 bit) a transmission during the creation with a self chosen password. The chosen password will be SSL-encrypted and transferred to our servers and immediately hashed over PBKDF2. We use two randomly generated salts (32 characters) to get two different hashes (256 bit each) of your password. One of the hashes (and the salt used) is stored in our database, so that we can check the password entered when downloading the Transfer. With the other hash we encrypt your transmission data according to AES-256 Bit. In doing so, we store only the salt used for the encryption hash in the database. The password used and the hash used for the encryption is not stored at any time. Thus your files can only be downloaded with the password you enter on the download page. The entered passwords are not intercepted by us and are not stored on our servers.
Most of the Transfer data (including files, message to the receiver & recipient emails) is stored in encrypted form. Upload-Id, size, file name, sharing method and expiration date are not stored encrypted for technical reasons.
Furthermore, we offer the possibility to automatically delete Transfers and the corresponding uploaded files. If this option is active, the entire Transfer will be completely deleted after the first download (*) (at the latest on the expiry date). For Transfers via email and activated Auto Delete, each recipient can only download the file once. If all recipients have downloaded the file, or if the expiry date has been reached, the Transfer will be completely deleted. (*)
(*) Please see section "Deletion of data" for detailed infomration.
If there are reasons for us to believe that data security cannot be guaranteed or is being misused, we may deactivate your password or currently active session and notify you accordingly.
In order to continuously improve our service and adapt it to your needs, we need to collect and log data on the use of our service, the most frequently visited areas, duration of use, average usage times and other information.
We use the following technical means for this purpose:
An IP (Internet Protocol) address is a number that is automatically assigned to your computer when you surf the Internet. The servers that manage the homepages can recognize your computer by this number. In this way we can determine how the service is used by the various IP addresses. However, we store personal and usage-based data anonymously (without connection to the IP used). We also use the IP address to determine the location of access to our website and apps. The location is stored together with the SessionID. This is done anonymously, the location is not linked to a user.
We also collect device-specific data such as browser type or operating system.
Data acquisition when downloading a Transfer
We anonymously log every download of a Transfer. The respective log is deleted after the end of the Transfer but is kept a minimum of 14 days.
We use PostHog to analyze website and app usage. The data obtained from this is used to optimize our service for you. The following data, among other things, is recorded during your website visit or app use: Pages accessed, achieving "website goals" (e.g. uploading your first file), your behavior on the pages (e.g. clicks, scrolling behavior and length of stay), your approximate location (country and city), your IP address (in abbreviated form so that no clear assignment is possible), technical information such as browser, internet provider, device and screen resolution, source of origin of your visit (i.e. via which website or which advertising material you came to us), this data is transmitted to a PostHog server in the USA. PostHog observes the data protection provisions of the "EU-US Privacy Shield" agreement.
PostHog Analytics stores cookies in your web browser or ysendit app for a period of one year since your last visit. These cookies contain a randomly generated user ID with which you can be recognized on future website visits or app uses.
The recorded data are saved together with the randomly generated user ID, which enables pseudonymous user profiles to be evaluated. This user-related data is automatically deleted after 14 months.
We display personalized Ads on our website. In the ysendit apps or if you have subscribed to ysendit without ads, we do not place ads. This chapter only applies to our website.
Google's use of advertising cookies enables it and its partners to serve ads to you based on your visit to ysendit.com and/or other sites on the Internet.
You may opt out of personalized advertising by visiting Ads Settings or by following the instructions under "Revoke consent for interest-based advertising, analytics and cookies" in this page
Except as described below, we do not share information with third parties unless we have notified you when collecting the information and you have consented.
Personal data of our customers or former customers will only be passed on to third parties in the following cases:
In accordance with the DSGVO, we only store your data for as long as we need it to provide our service. For this reason, the following data is regularly deleted:
If you want to delete a transfer before its expiration date, there are two ways:
Transfers via email contain a link in your confirmation email, with which you can delete the corresponding transfer directly.
Alternatively, you can view your transfers on the ysendit.com website and delete the corresponding transfer there. Please note that if you don't have a ysendit.com account, you will only see the transfers you uploaded with the browser you are using to list the transfers.
When you visit our site or apps, you may be directed to Internet sites of third parties over which we have no control. These links are provided to make it easier for you to use the service. The use of the sites of third parties is at your own risk.
When using our website ysendit.com, our public file sharing service, our ysendit apps or a private instance of ysendit, we assume that you have read this disclaimer carefully, agree to it and abide by the rules contained therein.
When using this website or the ysendit apps, every user will be informed about the applicable data protection regulations as well as the terms and conditions. If he agrees to these, the use is possible within the framework of the tos. In the event that a user cannot agree to these applicable provisions (or, if applicable, individual areas), the use of ysendit as a whole is not possible.
If you cannot agree to the current content of this statement or future changes, we would ask you to stop using the ysendit service.
The place of jurisdiction for all disputes arising from legal relationships with ysendit shall be the company's registered office.