VitalSend Terms and Privacy (Combined)

This document combines the Terms of Service and Privacy Policy for VitalSend.

1. Parties and scope

VitalSend.eu (Agiletto AB) ("VitalSend", "we", "us") provides a one-time, end-to-end encrypted file transfer service. By using the service, you agree to these terms.

2. Service description

  • One-time download only. After a successful download, the file and all related transfer data are deleted from our systems.
  • Files are end-to-end encrypted. We do not, and cannot, access or view file contents.
  • The service is designed for irreversible handover, not for storage or collaboration.
  • VitalSend protects file contents against the service operator and network adversaries, assuming an honest client running in a non-compromised browser environment.

3. User responsibilities and prohibited use

You must not use the service to transmit illegal content, including but not limited to child sexual abuse material, hate content, malware, or content that violates applicable law.

There is no age restriction for use of the service.
You must be able to enter a binding contract under applicable law.

4. Availability and support

We aim for high availability but do not guarantee uninterrupted service. Support is provided via [email protected].

5. Payments and dispute guarantee

  • Payments are processed by Mollie.
  • Mollie processes payment data as our payment provider.
  • The payment identifier is stored only in the customer's browser and is not stored on our servers.
  • If you claim a file did not go through, we will issue one replacement transfer free of charge if you provide upload time, file size, and file name.
  • We must retain certain payment information for legal and accounting purposes.

6. Privacy: data we process

We minimize data by design. We process only what is required to deliver the service.

6.0 Data controller

VitalSend.eu (Agiletto AB) is the data controller for personal data processed under this policy.

6.1 Data stored temporarily per transfer

This data is provided by the sender as part of the transfer.

  • File name
  • File size
  • Expiration time
  • Payment status

This data is kept only until the file is downloaded (or the transfer expires), then deleted from our systems. File names are stored only in the transfer record, not in logs.

6.2 Logs and analytics

  • We do not store personally identifiable information in logs, such as IP addresses or payment identifiers.
  • We do not log file names.
  • We do not connect payment records to file contents.

6.3 Backups

Backups are used only to restore service. They are not used for analytics or profiling.

6.4 Storage location

All data is stored and processed within the EU.

6.5 Data retention

  • Transfer data is deleted after download or expiry.
  • Payment records are retained as required by Swedish accounting law.

6.6 Sharing and processors

  • Mollie processes payment data on our behalf.
  • We receive payment status and transaction identifiers from Mollie.
  • We do not sell personal data or share it for marketing purposes.

6.7 International transfers

We do not transfer personal data outside the EU.

6.8 Automated decision-making

We do not use automated decision-making or profiling with legal or significant effects.

6.9 External delivery channels

If you choose to send the link by email through the built-in email service we provide, there will be traces in systems outside our control, as with any email. The sender of such emails is vitalsend.eu and is not connected to the user in any form. The same applies if we provide a service to send the password by SMS.

7. Security

  • End-to-end encryption for file contents. End-to-end encryption means files are encrypted in the sender's browser before upload and can only be decrypted by the recipient with the link (and optional password). Encryption uses AES-GCM with a 256-bit key generated in your browser; the key is only shared via the link. The link itself is not secure, since it contains the key. We therefore recommend using the optional password and sending it to the recipient through a separate channel.

  • The encryption key never leaves the user's browser unless the user chooses our built-in email service to send the link to the recipient, in which case the link (containing the key) is forwarded to the recipient.

  • Treat links and passwords as secrets and never send them together in the same message.

  • Security depends on an honest client running in a non-compromised browser environment.

  • After download with the correct key and password, the file and metadata are deleted from our systems.

  • If the user enters the wrong password three times, the file and all metadata are also deleted to prevent brute-force attempts. The only way to remedy the situation is to resend the file.
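
The encryption model described in this section, as an added sketch that is not VitalSend's own code: a 256-bit AES-GCM key is generated on the sender's side, only nonce, ciphertext and tag are uploaded, and the recipient recovers the key from the link. Node's `crypto` module stands in for the browser's Web Crypto API; the host name, the `TRANSFER_ID` placeholder, carrying the key in the URL fragment, and the blob layout are assumptions of this sketch.

```javascript
// Added illustration, not VitalSend's code. Node's crypto module stands in
// for the browser's Web Crypto API so the sketch runs offline.
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Sender side: generate a fresh 256-bit key and encrypt before "upload".
function encryptForTransfer(plaintext) {
  const key = randomBytes(32);   // 256-bit AES key, never sent to the server
  const iv = randomBytes(12);    // 96-bit GCM nonce, fresh for every transfer
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte authentication tag
  // What the server would store: nonce || ciphertext || tag, no key material.
  const upload = Buffer.concat([iv, body, tag]);
  // Assumption: the key rides in the URL fragment of a hypothetical link.
  const link = 'https://transfer.example.invalid/d/TRANSFER_ID#' +
    key.toString('base64url');
  return { upload, link };
}

// Recipient side: recover the key from the link, then authenticate and decrypt.
function decryptFromTransfer(upload, link) {
  const key = Buffer.from(new URL(link).hash.slice(1), 'base64url');
  if (key.length !== 32) throw new Error('link does not carry a 256-bit key');
  if (upload.length < 12 + 16) throw new Error('upload too short');
  const iv = upload.subarray(0, 12);
  const tag = upload.subarray(upload.length - 16);
  const body = upload.subarray(12, upload.length - 16);
  const decipher = createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  // final() throws if the ciphertext was modified or the key is wrong.
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// True when decryption succeeds, false when GCM authentication fails.
function canDecrypt(upload, link) {
  try {
    decryptFromTransfer(upload, link);
    return true;
  } catch {
    return false;
  }
}
```

Anyone holding the full link can run the recipient side, which is why the link has to be handled as a secret and the optional password sent separately.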

8. Legal basis (GDPR)

We process data to perform the contract (provide the transfer service) and to comply with legal obligations (e.g., accounting for payments).

9. Data subject rights

You can request access, correction, or deletion of personal data we hold by contacting [email protected]. You also have the right to object to or restrict processing, and to data portability where applicable. Requests may be limited by legal obligations (for example, accounting requirements).

If you believe we process your data unlawfully, you can file a complaint with the Swedish Authority for Privacy Protection (IMY).

10. Governing law and disputes

These terms are governed by Swedish law. Disputes shall be decided by Swedish courts (tvistedomstol).

11. Contact

VitalSend.eu (Agiletto AB)
Email: [email protected]