Privacy Policy

Last Updated: September 22, 2023

Thank you for visiting this web site of Action Verb LLC d/b/a Files.com (“we”, “our”, "Files.com"). We recognize that your data is very personal and sensitive. This Privacy Policy explains our commitment to protecting your privacy, with regard to your use of Files.com (the “Site”) and the Files.com asset hosting service (the “Service”), and includes ExaVault, LLC.

By using this Service, you accept privacy practices contained in this Privacy Policy. You are encouraged to regularly review this Privacy Policy to make sure you understand how any personal information you provide will be used.

1. Information We Collect

Information You Provide to Us

  • Site Content: The actual contents of the files you upload to the Service.
  • Registration and Billing Data: Names, addresses, phone numbers, email addresses, and sometimes payment information.
  • Correspondence Data: Information you send to us via email, our contact form, our chat widget, or other means of correspondence.

Information We Automatically Collect When You Use the Site and/or Service

  • Site Metadata: We collect metadata about your Site Content that is distinct from the actual content itself. Site Metadata includes file and folder names, modification dates, permissions, size information, history notification, usernames, group names, user and group settings, and site-wide settings. Site Metadata does not include passwords used by users to access the Service.
  • Usage Data: While using the Service, we also collect usage information customarily logged by web and FTP server software, including the date and time of your visit, the originating IP address, the pages and files requested, and other similar types of information.
  • Device Data: We also collect information from and about the devices you use to access the Site and Service. This includes things like the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices.
  • Cookie and Other Tracking Data (aka “Cookie Data”): Use of the Service and certain Site features require support for cookies, small pieces of data that are stored on your computer’s hard drive and transmitted back to us with each web page request. A cookie simply identifies your browser to the Service or Site by assigning it a unique ID number.

2. How Information Is Used

We treat different types of information differently, and have a legitimate use for each type of data.

  • Site Content is stored securely and may only be accessed by users on who have been given the appropriate permissions to that Site Content by someone with account administrators permissions on the account. We will not access this data for any purpose, except as provided herein. For GDPR purposes, we are processors of Site Content.
  • Site Metadata is used by our software systems to provide the Service and account administrators have the option of displaying Site Metadata to users on the account. We may use aggregated information about Site Metadata for the purpose of operating and improving the Service. We advise naming your files such that the mere names of files or folders do not reveal confidential information.
  • Usage Data and Device Data are used to help us understand how the Service and Site are being used; improve the Site and Service; ensure compliance with the Terms of Service; and, detect, investigate, and prevent fraud and abuse.
  • Correspondence Data is used to communicate with you regarding any questions, comments, or concerns relating to the Site or Service.
  • Registration and Billing Data is used for billing purposes and to notify you about important service-related notices, include feature updates.
  • Cookie Data enables us to associate your session with your account, and provide certain features, such as ensuring your selected language and currency options are maintained. Email or newsletters that we send electronically may use techniques such as web beacons or pixel tags to gather email metrics and information to improve the reader’s experience, such as the number of emails that are opened, whether they were forwarded or printed, the type of device from which they were opened, and the locations (e.g. city, state, and county) associated with the applicable IP address. Please note that you do have the option to configure most web browsers to not accept cookies. However, be aware that disabling cookies may keep you from having access to some functions or services on our Site or with our Service. Because there is not yet a consensus of how to interpret web browser-based “Do Not Track” signals other than cookies, we do not currently respond to “Do Not Track” signals that are undefined.
  • E-Mail addresses collected will be used to communicate with you regarding the Service. We communicate such things as announcements of new features, changes to Terms of Use/Privacy Policy, information about pricing changes or systems outages, and other Service-related announcements. You can cancel your participation in any of these email lists at any time by clicking the Unsubscribe link or other unsubscribe option that is included in the respective email. We only send emails to people who have authorized us to contact them, either directly, or through a third party. We do not send unsolicited commercial emails, because we hate spam as much as you do. By submitting your email address, you also agree to allow us to use your email address for custom audience targeting on sites like Facebook, where we display custom advertising to specific people who have opted-in to receive communications from us.
  • Telephones numbers you provide to us may used to contact you with any troubleshooting or billing issues. We may also use telephone number for multi-factor authentication if you use that feature.

All of the above information may be used to undertake accounting and administrative tasks, or manage legal claims.

All information may be disclosed when legally required to do so, at the request of governmental authorities conducting an investigation, to verify or enforce compliance with the Terms of Use and policies governing the Service and applicable laws or to protect against misuse or unauthorized use of the Service.

If the ownership of all or substantially all of Files.com, or individual business units associated with the Service, were to change, your user information may be transferred to the new owner so the service can continue operations. In any such transfer of information, your user information would remain subject to the promises made in this Privacy Policy. In the event of such transaction, we will alert Files.com paying customers of such change via e-mail, and provide an opportunity to cancel or change your Service.

3. Sharing of Data With Third Parties

We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies and other methods to help us study usage patterns on the Service. Information generated from your use of the Service will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of preparing reports regarding aggregate use of the Service.

We use Help Scout, a customer support helpdesk service, to manage and track customer requests.

We use other third parties to facilitate our business, such as server hosting, file hosting, customer communication, usage tracking, and payment processing. In connection with these offerings and business operations, our service providers may have access to your information for use for a limited time in connection with these business activities. Where we utilize third parties for the processing or storing of any information, we have ensured that they will fully comply with this Privacy Policy.

Other parties such as advertising partners and analytics companies may also be collecting information about your online activity across various websites over time. The information collected by those third parties may include identifiers that allow those third parties to tailor the ads that they serve to your computer or other device.

If you visit the Site or login to the Service and use OpenID or OAuth (such as Facebook or Google), you may also be sharing and integrating data with third-party social media sites, and we may track aggregate data about the number of visits to this site with an open ID, the number of items “liked” on this site, or items on this site that you choose to share with a third-party social media site.

Third party retargeting networks may also use cookies to display our advertisements to you on other sites. You can opt-put of a third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page, or you may try opting out at the websites of industry groups such as the Digital Advertising Alliance, or if located in the European Union, the European Interactive Digital Advertising Alliance. You may also be able to control advertising cookies provided by publishers, for example Google’s Ad Preference Manager. Note that even if you choose to opt out of receiving targeted advertising, you may still receive advertising, although it should not be tailored to your interests or activities.

If you use the Google Sign-In Integration, then we will use your email address and profile data for purposes of authenticating and signing-in to the Service. If you use Files.com's Google Cloud integration, then you are granting us the ability to access, modify, read, and delete your files on Google Cloud for purposes of syncing and transferring them between Google Cloud and the Service.

We have a data processing agreement with any third parties that process personally identifiable information that we control.

4. Our Access to Your Site Content and Metadata

We have implemented controls designed to prevent our employees and contractors from accessing or using your data except for the limited purposes set forth in this Privacy Policy. We promise not to access your Site Content for any purpose, except as set forth herein or as required by law.

When filing an authenticated support ticket, your Site administrators have the option to grant our customer success engineers temporary access to "Site Content'. Additionally, customer success engineers have access to “Site Metadata”, which they will only access for the purpose of providing support upon request. These customer success engineers are all Files.com employees (not contractors) located in the United States who have agreed to uphold this Privacy Policy. If they fail to preserve this confidence, they are subject to disciplinary action, including losing their job, and potential criminal prosecution.

We feel compelled to note that due to the nature of the job, our software developers and database and server administrators may have access to your Site Content while logged in directly to our application servers. These people are all Files.com employees (not contractors) located in the United States who have agreed to uphold this Privacy Policy and its promise to not access your Site Content. If they fail to preserve this confidence, they are subject to disciplinary action, including losing their job, and potential criminal prosecution. All access to our application servers by our employees is logged.

5. Security

We use a variety of technical and organizational safeguards to prevent unauthorized access of your data, which you can read about on our comprehensive Compliance and Security page.

6. EU-US Data Privacy Framework (successor of Privacy Shield)

The EU-US Data Privacy Framework officially launched, and replaced Privacy Shield as an approved mechanism for transferring data from the EU to the US. You can read more about our compliance with GDPR specifically on our GDPR page.

Files.com complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Files.com has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework programPrinciples (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-US Data Privacy Framework program's Principles, Files.com commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union individuals with DPF inquiries or complaints should first contact privacy@files.com.

Files.com has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

Our commitments under the DPF are subject to the applicable enforcement powers of the U.S. Federal Trade Commission (FTC).

Files.com engages a limited number of third-party service providers to assist the Service, including related support functionality. We are responsible for the processing of personal data we may receive under each Data Privacy Framework, including subsequent transfers to third parties we engage who are acting on our behalf, including the onward transfer liability provisions for applicable frameworks. Files.com may be liable in cases where those third parties we engage do not meet the obligation to process personal data in accordance with the Data Privacy Framework Principles or other applicable EU data protection requirements, unless we prove that we are not responsible for the event giving rise to the violation.

Files.com collects information via the use of the Service as described herein, and by our business customers who store data on, or transfer data through, the Service. Accordingly, we may not have a direct relationship with an individual whose personal data our business customers process through the Service. As an individual, if you have concerns about your personal data being processed, or if you seek access or want to correct, amend, or delete inaccurate data, please contact us at privacy@files.com and we will work with connecting you with the organization responsible for processing your personal data within a reasonable timeframe.

Files.com compliance with the EU-U.S. DPF includes its subsidiary, ExaVault, LLC.

7. Data Retention

You may use the Service to freely delete any of your Site Content, and doing so will remove such content from our active servers immediately. If you have configured backup retention after deletion for your Site Content, backups may remain on our backup servers for the period of time that you or your account administrator has specified as the backup retention period.

All of your Site Content and Site Metadata will be deleted from our active and backup servers within 7 days when you cancel your account.

Because of our efforts to ensure Service availability, we maintain backup copies of all Site Metadata. As a result, residual copies of your Site Metadata may remain on backup media, backup servers, and disk snapshots for up to 30 days after deletion or account cancellation.

Registration and Billing Data, Correspondence Data, Cookie Data, Device Data, and Usage Data will respectively be deleted or anonymized upon termination of the Service (if applicable), and when we have no ongoing legitimate business need to process your information. We take reasonable steps to limit the minimize the volume of data we collect from you and the length of time we retain your data. You have the right to obtain our confirmation of whether we maintain personal information relating to you. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. Your right to access your personal data may be restricted in exceptional circumstances or vary based on where you reside. If we determine that your access should be restricted in a particular instance, we will provide you with an explanation of our determination.

If you are an individual and you believe that we have your personal information, you may contact us using the email or contact form below regarding how your information is used and shared, including to exercise your data protection and privacy rights at any time.

For people residing in the EU, the GDPR provides certain rights. You may decline to share certain information with us, in which case we may not be able to provide some of the features and functionality of the Site and Service. These rights include, in accordance with applicable law, the right to object to or request the restriction of processing of your information, and to request access to, rectification, erasure and portability of your own information. Where we process your information on the basis of your consent, you have the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the processing of your personal information in reliance upon any other available legal bases). Requests should be submitted by contacting us using the contact details below. If you are within the EU and have any unresolved privacy concern that we have not addressed satisfactorily after contacting us, you have the right to contact the appropriate EU Supervisory Authority and lodge a complaint.

8. Minors

The Service and Site are not intended for use by children, especially those under 13. We do not knowingly collect personally identifiable information from children under 18 years of age. If your minor child has provided us with personally identifiable information, you may reach us using the contact information below if you want this information deleted from our records.

9. Other Provisions

Your use of the Service is governed by a Terms of Service, and potentially additional documents (e.g. a BAA or DPA) which will prevail in the event of a conflict with this document, except with respect to EU-US Privacy Shield, GDPR provisions, or other applicable legal requirements.

This Privacy Policy does not describe information collection practices on other third party sites, including those linked to or from the Site. We do not control and are not liable for actions of any third parties who we may promote and/or link to from this Site.

We take reasonable steps to ensure that your personally identifiable that we control is limited to that which is reasonably necessary in connection with the purposes set out in this Privacy Policy or as required to provide you services or access to the Site or Service.

You agree that by submitting your telephone contact information on this web site and/or registering to receive the Service offered herein, such act constitutes a purchase, an inquiry, and/or an application for the purposes of the Amended Telemarketing Sales Rule (ATSR), 16 CFR ‘310 et seq. and any applicable state and local “do not call” regulations. We retain the right to contact you via telemarketing in accordance with the ATSR and the applicable state regulations.

For additional information about our commitment to GDPR, you can visit our site.

10. Note to California Residents

If you live in the State of California, under the California Civil Code, you have the right to request that companies who conduct business in California provide you with a list of all third parties to which the company has disclosed Personal Information during the preceding year for direct marketing purposes.

Alternatively, the law provides that if a company has a Privacy Policy that gives either an opt-out (often referred to as “unsubscribe”) or opt-in choice for use of your Personal Information by third parties (such as advertisers or affiliated companies) for marketing purposes, that the company may instead provide you with information on how to exercise your disclosure choice options. This Site qualifies for the alternative option; it has a comprehensive Privacy Policy and provides you with details on how you may either opt-out or opt-in to the use of your Personal Information by third parties for direct marketing purposes. Therefore, we are not required to maintain or disclose a list of the third parties that received your Personal Information for marketing purposes during the preceding year.

If you are a California resident and want to request information about how to exercise your third party disclosure choices, you must send a request using the online contact form listed in the Contact Us section below.

All requests must be labeled “Your California Privacy Rights” on the subject of the actual request. For all requests, please include your name, street address, city, state, and zip code. Please include your zip code for our own record-keeping. Requests that are improperly labeled or that are missing the required information will not be processed.

For information on CCPA and CPRA, please visit our site.

11. Contact Us

Files.com regularly reviews its compliance with this policy. Questions regarding the Privacy Policy or privacy-related requests should be sent by e-mail to us using our online contact form. Alternatively, you may call us at +1 (800) 286-8372 or write to us at Files.com, ATTN: Privacy Policy, 222 S Mill Ave, Suite 800, Tempe, AZ 85281, United States.

Our Data Protection Officer may be contacted at privacy@files.com.

12. Changes to This Privacy Policy

Files.com reserves the right to change this Privacy Policy at any time by posting a new Privacy Policy at this location and alerting Files.com paying customers of such change via E-Mail. Any change(s) to this Privacy Policy will take effect within thirty (30) days after such changes have been posted. Your continued use of the Service following such changes will indicate your acceptance of those changes.

This document was last updated according to the date at the top of this page.

Get Instant Access to Files.com

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.

Start My Free Trial

©2024 Files.com. All right reserved

FILES.COM

  • Start My Free Trial
  • Pricing
  • Docs
  • API and SDKs
  • Contact

CONTACT & SUPPORT

support@files.com

(800) 286-8372

Monday–Friday

9am–8pm Eastern