Privacy Policy
In order to provide this service, we capture and store information about you, and about users uploading material to the service:
From the Website
- IP Addresses
- Request Headers
- Data entered on our website
From the API
- IP Addresses
- Request Headers
- Your user agent (browser, device, etc.)
- Data submitted to our API
All data stored by us is only used for internal processing, and never sold or otherwise given away.
Storing Your Files
Transloadit only stores temporary files, and we do so for 24 hours. Files are hashed and anonymized.
Transloadit employees only look at your files to troubleshoot problems. This rarely happens, and when it does, we do so confidentially.
Any Transloadit employee or subcontractor with access to these systems will have signed an NDA, which among things, includes enforcing 2FA for critical services, encrypted drives, and password managers.
Third Party Services
In addition to that, we use the following third party services which also store data about you:
| supplier | subject | data | encryption | anonymized | discarded | archived |
|---|---|---|---|---|---|---|
| Transloadit | end user (data subject) | browser identifiers | instantly | |||
| AWS S3 | end user (data subject) | media files | ✅ | >24h | ||
| AWS RDS | customer (business) | address, email | ✅ | >30d | ||
| AWS RDS | customer (business) | assembly meta data | ✅ | >30d | ||
| AWS RDS | customer (business) | credentials for writing to cloud storage | aes256 | ✅ | ||
| AWS RDS | customer (business) | transloadit password | bcrypt | ✅ | ||
| Discourse | customer (business) | public support tickets | n/a | |||
| Google Analytics | customer (business) | browser identifiers | ✅ | |||
| Intercom | customer (business) | browser identifiers | ||||
| Intercom | customer (business) | support tickets | ||||
| Librato | customer (business) | ops heuristics | ✅ | |||
| Papertrail | customer (business) | logs | >7d | |||
| Pusher | customer (business) | assembly meta data | ✅ | instantly | n/a | |
| RBS Worldpay/Ipayment | customer (business) | credit card data | PCI compliant |
- encrypion: At rest. All connections in transit are protected by tls
- anonymized: Identifying 'data subject' data is scrubbed
- discarded: Data is destroyed
- archived: Data is accessible only by founders
Breach Notifications
In the event that your private data or API-uploaded temporary files are disclosed to unauthorized people (such as hackers), Transloadit will send out email notifications to all possibly affected parties.