$uldl.sh_

$ Privacy Policy

Last updated: January 2026

1. Information We Collect

We collect information you provide directly, including email addresses for account registration, uploaded content, and usage data such as IP addresses and access logs.

2. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service
  • Process transactions and send related information
  • Send technical notices and support messages
  • Respond to your comments and questions
  • Analyze usage patterns to improve the Service
  • Detect and prevent fraudulent or illegal activity
  • Detect file types using AI to improve content handling

AI-assisted file type detection: We may use AI to analyze uploaded content to determine file types and improve how we handle your files. This processing is done in real-time and we never store unencrypted copies of your content for AI analysis. Your data remains encrypted at rest.

3. Log Data

When you access the Service, our servers automatically collect log data that may include:

  • IP address
  • Browser type and version
  • Operating system
  • Date and time of access
  • Pages visited and actions taken
  • Referring URL
  • User agent string

This data is used for security, analytics, and to maintain the Service. Log data is typically retained for 90 days.

4. Data Storage

Your uploaded content is stored on secure servers. We implement industry-standard security measures to protect your data. However, no method of transmission over the Internet is 100% secure.

5. Data Encryption

All uploaded content is encrypted using AES-256-GCM (Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode), a widely trusted encryption standard used by governments and security-conscious organizations worldwide.

How it works:

  • When you create an account, a unique encryption key is generated specifically for your data
  • This key is securely stored in your user profile's private metadata via Clerk, our authentication provider
  • All blobs (files and snippets) are encrypted server-side before being stored in Google Cloud Storage
  • When you request your content, it is decrypted on our servers using your unique key before being delivered to you

What this protects against: This encryption provides protection against unauthorized access to stored data, including potential data leakage from storage buckets. Even if raw storage data were exposed, it would be unreadable without the corresponding encryption keys.

Important limitations: This is server-side encryption, not end-to-end client-side encryption. Your content is decrypted on our servers to serve requests, which means we technically have the ability to access your unencrypted data. If you require end-to-end encryption where even we cannot access your content, you should encrypt your files locally before uploading.

6. Data Sharing

We do not sell your personal information. We may share data with third-party service providers who assist in operating the Service, subject to confidentiality obligations. We may disclose information if required by law.

7. Third-Party Services

We use third-party services to operate the Service. These providers have their own privacy policies governing how they handle your data:

  • Clerk - Authentication and user management
  • Google Cloud Storage - File storage
  • Vercel - Hosting and infrastructure
  • PostHog - Analytics (see Analytics section below)
  • Neon - Database services

We encourage you to review the privacy policies of these third-party services. We are not responsible for the privacy practices of third parties.

8. Analytics

We use PostHog for analytics to understand how the Service is used and to improve it. PostHog may collect information such as:

  • Pages visited and features used
  • Time spent on pages
  • Click patterns and user flows
  • Device and browser information
  • Approximate geographic location (country/region level)

This data is used in aggregate to improve the Service and is not used to personally identify individual users.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to these countries. We take steps to ensure your data remains protected in accordance with this Privacy Policy.

10. Cookies and Tracking

We use cookies and similar technologies to maintain sessions, remember preferences, and analyze Service usage. You can control cookie settings through your browser.

11. Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that sends a signal to websites you visit indicating you do not wish to be tracked. The Service does not currently respond to DNT signals. However, you can opt out of analytics tracking by using browser extensions or adjusting your browser settings.

12. Public Content

When you make content public on the Service, it may be accessed by anyone on the internet, indexed by search engines, and cached by third parties. We have no control over how third parties may use or distribute your public content. Once content is made public, we cannot guarantee its complete removal from the internet even if you later delete it or make it private.

13. Your Rights

You have the right to access, correct, or delete your personal information. You may also request a copy of your data or ask us to restrict processing. Contact us to exercise these rights.

14. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Contract Performance - To provide the Service you requested
  • Legitimate Interests - To operate, improve, and secure the Service
  • Consent - Where you have given explicit consent for specific processing
  • Legal Obligation - To comply with applicable laws

You may withdraw consent at any time where processing is based on consent. EEA residents have additional rights including data portability and the right to lodge a complaint with a supervisory authority.

15. California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to Know - Request disclosure of the personal information we collect, use, and disclose
  • Right to Delete - Request deletion of your personal information
  • Right to Opt-Out - We do not sell personal information to third parties
  • Right to Non-Discrimination - We will not discriminate against you for exercising your rights

To exercise these rights, contact us at privacy@uldl.sh. We will verify your identity before processing your request.

16. Account Deletion

You may delete your account through your account settings or by contacting us at privacy@uldl.sh. We use hard delete, not soft delete. Upon account deletion:

  • Your account and profile information will be permanently and immediately deleted
  • All your uploaded content will be permanently removed from our database and cloud storage
  • Your encryption keys will be permanently deleted
  • This deletion is immediate and irreversible — we do not retain your data in a "deleted" state
  • Public content that was cached or copied by third parties cannot be removed by us

Account deletion is irreversible. Please download any content you wish to keep before deleting your account.

17. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Uploaded content follows the retention policies of your subscription tier.

18. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly. If you believe a child under 13 has provided us with personal information, please contact us.

19. Security Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users as required by applicable law. Notification may be made via email to the address associated with your account or through a prominent notice on the Service. We will provide information about:

  • The nature of the breach
  • Types of data potentially affected
  • Steps we are taking to address the breach
  • Recommended actions you can take to protect yourself

20. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may provide additional notice such as an email notification. Your continued use of the Service after changes constitutes acceptance of the updated policy.

21. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights, please contact us at privacy@uldl.sh.