Privacy Policy

Introduction

Welcome to Save-to-Cloud ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application that allows you to save files from URLs directly to your cloud storage services.

Information We Collect

1. Personal Information

• Authentication Data: When you sign in using your prefered Cloud Storage, we receive basic profile information including your name, email address, and profile picture
• Session Information: We store session tokens and authentication state to maintain your login status during active sessions only
• Minimal User Data: We only store your user ID and OAuth tokens during active sessions - we do not store your name, email, profile picture, or any other personal information permanently

2. File Transfer Information

• URLs: The file URLs you provide for downloading
• File Metadata: File names, sizes, types, and transfer status
• Temporary Storage: File transfer data is only stored during the download and upload process and is automatically deleted upon completion

3. Technical Information

• Device Information: Browser type, operating system, and device identifiers
• Log Data: Server logs including IP addresses, access times, and error information
• Cookies: Session cookies and authentication tokens

How We Use Your Information

1. Service Provision (Session-Only)

• Authentication: To verify your identity and maintain secure access to our service
• File Processing: To download files from URLs and upload them to your cloud storage
• Progress Tracking: To provide real-time updates on file transfer status
• Error Handling: To diagnose and resolve technical issues

2. Service Improvement (No Personal Data)

• Performance Monitoring: To optimize application performance and reliability
• Error Handling: To diagnose and resolve technical issues

3. Security and Compliance

• Fraud Prevention: To detect and prevent abuse of our service during active sessions
• Legal Compliance: To comply with applicable laws and regulations
• Security Monitoring: To protect against security threats and vulnerabilities

Information Sharing and Disclosure

1. Third-Party Services

• Cloud Storage Providers: We integrate with Cloud Storage (Google Drive, Dropbox, Box, etc) OAuth and their API to provide our service. Files are transferred to your chosen cloud storage service (Google Drive, Dropbox, Box, etc)
• Infrastructure Providers: We use cloud infrastructure services for hosting and data storage

2. Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal requests from government authorities
• Court orders or subpoenas
• Protection of our rights, property, or safety
• Investigation of potential violations of our Terms of Service

3. Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.

Data Security

1. Security Measures

• Encryption: All data in transit is encrypted using HTTPS/TLS
• Authentication: Secure OAuth 2.0 authentication with Google
• Session Management: Secure session handling with expiration and cleanup
• Access Controls: Limited access to user data by authorized personnel only

2. Temporary Data Storage

• Session-Only Storage: User data is only stored during active sessions
• Automatic Cleanup: Data is automatically deleted when sessions expire or users log out
• No Persistent Storage: We do not maintain permanent data of user information
• File Transfer Data: File transfer information is only stored during active transfers and deleted upon completion

3. Data Storage

• Secure Infrastructure: Data stored on secure cloud infrastructure during active sessions only
• Token Security: OAuth tokens are encrypted and securely stored during active sessions
• Temporary Storage: All user data is temporary and automatically cleaned up when sessions end
• Regular Audits: Regular security assessments and vulnerability scans

4. Data Retention

• Session Data: Automatically deleted when you log out or after inactivity
• Transfer Data: File transfer information is only stored during active transfers and automatically deleted upon completion
• User Data: User ID and OAuth tokens are only stored during active sessions and are deleted when sessions expire or users log out
• Log Data: Retained for security and debugging purposes for limited periods

Your Rights and Choices

1. Access and Control

• Account Information: Since we don't store profile information, there are no account settings to manage
• Data Export: Due to our minimal data collection approach, there is virtually no personal data to export
• Account Deletion: You can request deletion of your account, though we only store minimal session data that is automatically deleted

2. Privacy Settings

• Cookie Preferences: You can control cookie settings through your browser
• Authentication: You can revoke access to your Cloud Storage account at any time through your Cloud Storage settings
• Data Control: Since we don't store personal data, there's no personal information to control or delete

3. Data Portability

• Account Data: We only store your user ID and OAuth tokens during active sessions - no personal profile data
• Data Export: Due to our minimal data collection, there is no meaningful personal data available for export
• Session Data: All data is automatically deleted when sessions end, so there's no historical data to export

Third-Party Services

1. Cloud Storage Providers

• OAuth Authentication: We use your prefered Cloud Storage OAuth for secure authentication
• File Storage: Files are stored on your chosen cloud storage service
• Provider Policies: Each provider has their own privacy policy and terms of service
• Data Control: You maintain control over your files stored on these services

2. Analytics and Monitoring

• Performance Monitoring: We use tools to monitor application performance and reliability
• Error Tracking: We use services to track and resolve technical issues
• No Usage Analytics: We do not collect or analyze individual user behavior or usage patterns

Children's Privacy

Our service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards to protect your information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on our website
• Displaying a prominent notice on our application

Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: [email protected]
• Website: finmavis.dev

Compliance and Certifications

We are committed to complying with applicable data protection laws and regulations, including:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Other applicable privacy and data protection laws

Data Processing Agreements

If you are a business user and require a Data Processing Agreement (DPA), please contact us at [email protected].