Back to FileSurf

Privacy Policy

Last updated: January 28, 2026

TL;DR - Quick Summary

Your data stays private: Files and chats are isolated to your session only

AI providers don't store your data: AWS Bedrock never logs, stores, or trains on your content

Sandboxed processing: All AI agents run in isolated containers with strict security

You control your data: Delete files, sessions, or your entire account anytime

Invite-only access: Only approved emails can use FileSurf (no public registration)

Enterprise security: TLS 1.2+ encryption, HttpOnly cookies, and secure data storage

Your Privacy Matters

At FileSurf, we take your privacy seriously. We've built our platform with security and data protection as core principles. This policy explains how we handle your data and the measures we take to keep it safe.

Information We Collect

Account Information

  • Email address (for invite-only authentication)
  • User ID (automatically generated)
  • Login timestamps

Files and Content

  • Files you upload to your sessions
  • Chat messages and conversations
  • Session metadata

How We Protect Your Data

Sandboxed AI Processing

All AI agents run in isolated, sandboxed containers. This ensures that processing happens in a secure environment with strict access controls, preventing unauthorized access to your data.

Enterprise-Grade LLM Security (AWS Bedrock)

We use Amazon Bedrock for AI-powered features. AWS Bedrock provides enterprise-grade data protection guarantees:

  • No data storage: Your prompts and completions are not stored or logged by Amazon Bedrock
  • No training data: Your content is never used to train any AWS models or distributed to third parties
  • No provider access: Model providers have no access to your prompts, completions, or Amazon Bedrock logs
  • Encrypted in transit: All communications use TLS 1.2+ encryption (AWS requires TLS 1.2 minimum, recommends 1.3)
  • Isolated processing: Models run in AWS-controlled deployment accounts with strict access controls

Learn more: AWS Bedrock Data Protection

Session Isolation

Each user session is completely isolated. Your files and conversations are only accessible to you and cannot be viewed by other users.

Secure Authentication

We use invite-only authentication. Only pre-approved email addresses can access the platform. Secure, HttpOnly cookies with 365-day expiration protect your session.

Data Retention

Session Data: Your files and chat history remain stored until you explicitly delete them or conclude your session.

Account Data: Your email and user ID are retained for the lifetime of your account unless you request deletion.

AI Processing: Your prompts and responses are processed in real-time and are not retained by AI service providers.

Your Rights

You have the following rights regarding your data:

  • Access: View what data we have about you
  • Deletion: Delete your sessions, files, and conversations at any time
  • Export: Download your files from any session
  • Account Closure: Request complete account deletion by contacting the administrator

Invite-Only Access

FileSurf operates on an invite-only basis. This means:

  • Only approved email addresses can create accounts
  • No self-registration is available
  • Administrators can activate or deactivate accounts
  • This ensures a controlled, trusted user base

Technical Security Measures

TLS 1.2+ Encryption

All data in transit is encrypted

HttpOnly Cookies

Protected from XSS attacks

Container Isolation

AI agents run in sandboxes

Secure Data Storage

Industry-standard encryption

Updates to This Policy

We may update this privacy policy from time to time. When we do, we'll update the "Last updated" date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your information.

Questions?

If you have any questions about this privacy policy or how we handle your data, please contact the administrator.

Return to FileSurf