Privacy Policy

Last updated: 2025-01-01

1. Introduction

TrueFTP ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our managed FTP service and website (trueftp.com). Please read this policy carefully.

2. Information We Collect

We collect the following types of information:

  • Account Information: Name, email address, company name, and billing information when you create an account.
  • Authentication Data: Login credentials processed through WorkOS. We do not store your passwords directly.
  • FTP Activity: Usernames, file operation logs, IP addresses, timestamps, and transfer metadata for service operation and auditing.
  • Usage Data: Storage usage, bandwidth consumption, API request counts, and feature utilization for service optimization.
  • Payment Information: Processed securely through Polar. We do not store full credit card numbers on our servers.

3. How We Use Your Information

  • To provide, maintain, and improve our managed FTP service
  • To process payments and manage subscriptions
  • To send service-related communications (account updates, security alerts, billing notices)
  • To provide customer support and respond to inquiries
  • To monitor and analyze usage patterns for service optimization
  • To detect, prevent, and address technical issues and security incidents
  • To comply with legal obligations and enforce our terms of service

4. Data Storage and Security

All file data is stored on Backblaze B2 with server-side encryption. Account data is stored in PostgreSQL databases with encryption at rest. We implement industry-standard security measures including:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Role-based access control for all systems
  • Comprehensive audit logging of all administrative access

5. Data Retention

We retain your account information for as long as your account is active. FTP activity logs are retained for 90 days by default (configurable). Upon account deletion, your file data and account information will be permanently deleted within 30 days, except as required by law.

6. Third-Party Services

We use the following third-party services:

  • WorkOS: Authentication and identity management
  • Polar.sh: Payment processing and subscription management
  • Backblaze B2: Cloud object storage for file data
  • AWS EKS: Kubernetes infrastructure for application hosting

Each service has its own privacy policy and data handling practices. We recommend reviewing their respective privacy policies for complete information.

7. Your Rights

You have the right to access, correct, or delete your personal information. You may also request data portability. To exercise these rights, contact us at privacy@trueftp.com. We will respond to requests within 30 days as required by applicable data protection laws.

8. Contact Us

If you have questions about this Privacy Policy, please contact us at: privacy@trueftp.com