Privacy Policy

Last updated April 2023

When using the website or ysendit apps you will be asked to provide certain personal information and personal data. With this statement we would like to inform you how your personal data is collected, used and protected and under which circumstances personal data is passed on to third parties.

ysendit protects the rights of site visitors and app users to their personal data and complies with German data protection laws and the EU Data Protection Regulation (DSGVO) of 25 May 2018.

Revoke consent for interest-based advertising, analytics and cookies

At the top of the privacy policy, we would like to give you the opportunity to adjust your consent to our terms and conditions, privacy policy, the processing of your personal data specified therein and the cookie use. Tap on the button to update your consent in this browser (if you don't see a button, you haven't given us your consent yet) or follow the instructions below to do the same in one of the ysendit apps:

You can also revoke your consent for analytics and cookies in the ysendit apps: Go to Setup > delete data

Collected data technically required

We collect your data in order to provide the core functionalities of our file sharing service and to be able to continuously improve our services for you. In doing so, we limit ourselves to the collection of data that is required to provide those services that you use on ysendit.

The following data is stored in order to provide the core functionality of ysendit:

  • Information about your person (e.g. email, username and location (determined by your IP))
  • General information (e.g. language you use, time of your visits to the website or app)
  • A unique ID is stored in your browser in the form of a cookie. This ID is only used to enable you to view your previous transfers.
  • Uploaded files (only if sent via link or mail)
  • Email addresses of the recipients (only in the case of sending via email)
  • Applications, forms and other communications sent to us
  • Browser Fingerprint derived from your IP, browser, browser version and your operating system. Only used to count how many uploads were started from this browser, identify new uploaders and to take actions accordingly
  • Advertising Cookies from Google to deliver ads
  • If you opted-in, PostHog Analytics stores cookies in your web browser or ysendit app for a period of one year since your last visit. These cookies contain a randomly generated user ID with which you can be recognized on future website visits or app uses

The security of personal data is of great importance to ysendit. We make every effort to ensure the security of your personal data with the measures usual on the Internet, but we cannot guarantee that data will not be lost, misused or altered.

You have the possibility to encrypt (AES 256 bit) a transmission during the creation with a self chosen password. The chosen password will be SSL-encrypted and transferred to our servers and immediately hashed over PBKDF2. We use two randomly generated salts (32 characters) to get two different hashes (256 bit each) of your password. One of the hashes (and the salt used) is stored in our database, so that we can check the password entered when downloading the Transfer. With the other hash we encrypt your transmission data according to AES-256 Bit. In doing so, we store only the salt used for the encryption hash in the database. The password used and the hash used for the encryption is not stored at any time. Thus your files can only be downloaded with the password you enter on the download page. The entered passwords are not intercepted by us and are not stored on our servers.

Most of the Transfer data (including files, message to the receiver & recipient emails) is stored in encrypted form. Upload-Id, size, file name, sharing method and expiration date are not stored encrypted for technical reasons. 

Furthermore, we offer the possibility to automatically delete Transfers and the corresponding uploaded files. If this option is active, the entire Transfer will be completely deleted after the first download (*) (at the latest on the expiry date). For Transfers via email and activated Auto Delete, each recipient can only download the file once. If all recipients have downloaded the file, or if the expiry date has been reached, the Transfer will be completely deleted. (*)

(*) Please see section "Deletion of data" for detailed infomration.

If there are reasons for us to believe that data security cannot be guaranteed or is being misused, we may deactivate your password or currently active session and notify you accordingly.

Data used for service improvements

In order to continuously improve our service and adapt it to your needs, we need to collect and log data on the use of our service, the most frequently visited areas, duration of use, average usage times and other information.

We use the following technical means for this purpose:

  • IP address
    An IP (Internet Protocol) address is a number that is automatically assigned to your computer when you surf the Internet. The servers that manage the homepages can recognize your computer by this number. In this way we can determine how the service is used by the various IP addresses. However, we store personal and usage-based data anonymously (without connection to the IP used). We also use the IP address to determine the location of access to our website and apps. The location is stored together with the SessionID. This is done anonymously, the location is not linked to a user.

  • Cookies
    Cookies are data that are transferred from a web server to a visitor's hard drive. They help you to surf the Internet more efficiently by saving your decisions when visiting a site. It is important for you to know that passwords are NEVER stored by cookies. We only use cookies to store your email and session. Most browsers are configured to initially work with cookies. However, you can change the settings of your browser so that it does not accept cookies or informs you about cookies. If you switch off cookies, however, you may experience problems when visiting certain parts of our site. Third parties, such as tools from companies that we integrate into our site to analyse their usage behaviour, may transfer cookies to your hard disk. We have no control over these cookies ourselves.

  • Device data
    We also collect device-specific data such as browser type or operating system.

  • Data acquisition when downloading a Transfer
    We anonymously log every download of a Transfer. The respective log is deleted after the end of the Transfer but is kept a minimum of 14 days.

  • PostHog Analytics
    We use PostHog to analyze website and app usage. The data obtained from this is used to optimize our service for you. The following data, among other things, is recorded during your website visit or app use: Pages accessed, achieving "website goals" (e.g. uploading your first file), your behavior on the pages (e.g. clicks, scrolling behavior and length of stay), your approximate location (country and city), your IP address (in abbreviated form so that no clear assignment is possible), technical information such as browser, internet provider, device and screen resolution, source of origin of your visit (i.e. via which website or which advertising material you came to us), this data is transmitted to a PostHog server in the USA. PostHog observes the data protection provisions of the "EU-US Privacy Shield" agreement.
    PostHog Analytics stores cookies in your web browser or ysendit app for a period of one year since your last visit. These cookies contain a randomly generated user ID with which you can be recognized on future website visits or app uses.
    The recorded data are saved together with the randomly generated user ID, which enables pseudonymous user profiles to be evaluated. This user-related data is automatically deleted after 14 months.

    We use Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) to make our website faster and more secure. In doing so, Cloudflare uses cookies and processes user data. Cloudflare, Inc. is an American company that provides a content delivery network and various security services. These services are located between the user and our hosting provider and act as a reverse proxy for websites. More information about their data processing can be found on their website:

Data used to deliver targeted advertising

We display personalized Ads on our website. In the ysendit apps or if you have subscribed to ysendit without ads, we do not place ads. This chapter only applies to our website.

Third party vendors, including Google, use cookies to serve ads based on your prior visits to or other websites.

Google's use of advertising cookies enables it and its partners to serve ads to you based on your visit to and/or other sites on the Internet.

You may opt out of personalized advertising by visiting Ads Settings or by following the instructions under "Revoke consent for interest-based advertising, analytics and cookies" in this page

Sharing of collected information

Except as described below, we do not share information with third parties unless we have notified you when collecting the information and you have consented.

Personal data of our customers or former customers will only be passed on to third parties in the following cases:

  • In order to load external scripts and ads, your ip address is passed to servers of Google, Cloudflare, Posthog, Atlassian, Dicebear, Bunny Net, Spartez Software, Apple, Mailchimp and AWS.
    If you have subscribed to ysendit without ads, no ads will be served on the download page and your ip address will not be sent to Google.
  • Uploaded files are transmitted to and hosted encrypted on IDrive s3 servers in Frankfurt (EU). More information about IDrive’s data handling can be found on their website at
  • We send emails via AWS SES. Here, we transmit non risky personal data (name, shipment ID) to Amazon, which is only used for the delivery of the mail (
  • Once shared files get downloaded, they get cached by our Content Delivery Network. Currently we use the offers from BunnyCDN to provide this network. Please refer to their website to learn more about their data handling.
  • Selected Logos and Background Images are uploaded to the public image repository and are therefore public.
  • We process payments of owners of private ysendit Instances over Chargebee. Therefor you payment data is shared with Chargebee.

Deletion of data

In accordance with the DSGVO, we only store your data for as long as we need it to provide our service. For this reason, the following data is regularly deleted:

  • Uploaded files are completely removed when their expiration date has been reached, when they have been manually deleted by us or the user or when the user's account has been deleted by the user himself or by us.
  • Files chached by our Content Delivey Network get automatically deleted in the CDN once they are removed.
  • Files of Transfers with activated "auto delete" get deleted 12 hours after the last recepient downloaded the transfer. This delay is required to ensure that the last recepient can successfully download your files.
  • Transfer data (file size, shipment type, expiration date, shared since, recipient's email address, sender's email address, sender's ClientID, file names and download logs of files) are deleted once the Transfer expires and kept for a minimum of 14 days.
  • Text snippets are treated like transfer data and get deleted once the transfer expired or the "auto-deletion" was fired and are kept for a minimum of 14 days.
  • Access data (SessionIDs, last login with the SessionID, access location of the SessionID, preference whether user should remain logged in) will be removed if the corresponding session has expired (e.g. if the user logs out of the website).
  • Selected Logos and Background images don't get deleted once the upload is expired.
  • To delete your account, you can click on your profile on the website, then select "Update profile" and then click on the "Delete my account" button. When you delete your account, all data and transfers associated with your account will be deleted according to the details listed above.
  • Payment data of owners of a private ysendit Instance gets deleted in accordance with legal requirements.
  • All data included in a private ysendit Instance (expect the files hosted in AWS) gets deleted 14 days after the subscription is canceled.

If you want to delete a transfer before its expiration date, there are two ways:
Transfers via email contain a link in your confirmation email, with which you can delete the corresponding transfer directly.
Alternatively, you can view your transfers on the website and delete the corresponding transfer there. Please note that if you don't have a account, you will only see the transfers you uploaded with the browser you are using to list the transfers.

Links to third party sites

When you visit our site or apps, you may be directed to Internet sites of third parties over which we have no control. These links are provided to make it easier for you to use the service. The use of the sites of third parties is at your own risk.


When using our website, our public file sharing service, our ysendit apps or a private instance of ysendit, we assume that you have read this disclaimer carefully, agree to it and abide by the rules contained therein. 

When using this website or the ysendit apps, every user will be informed about the applicable data protection regulations as well as the terms and conditions. If he agrees to these, the use is possible within the framework of the tos. In the event that a user cannot agree to these applicable provisions (or, if applicable, individual areas), the use of ysendit as a whole is not possible. 

Change interval

Please note that the content of the privacy policy and the terms and conditions can be changed at any time by ysendit. In such a case, each user must give his or her consent to the adapted terms and conditions the next time he or she visits before using it again. 

If you cannot agree to the current content of this statement or future changes, we would ask you to stop using the ysendit service.

Place of jurisdiction

The place of jurisdiction for all disputes arising from legal relationships with ysendit shall be the company's registered office.