vitalsend.eu Logovitalsend.eu Logo
Send Send Pricing FAQ News About Sign in Create account Account
Theme:

VitalSend Terms and Privacy (Combined)

This document combines the Terms of Service and Privacy Policy for VitalSend.

1. Parties and scope

VitalSend.eu (Agiletto AB) ("VitalSend", "we", "us") provides a one-time, end-to-end encrypted file transfer service. By using the service, you agree to these terms.

2. Service description

  • One-time download only. After a successful download, the encrypted file and transient transfer record are deleted from our systems.
  • Files are end-to-end encrypted. We do not, and cannot, access or view file contents.
  • The service is designed for irreversible handover, not for storage or collaboration.
  • Accounts support recurring use, quota, subscription state, and billing. Accounts do not create file archives, shared folders, or recoverable transfers.
  • VitalSend protects file contents against the service operator and network adversaries, assuming an honest client running in a non-compromised browser environment.

3. User responsibilities and prohibited use

You must not use the service to transmit illegal content, including but not limited to child sexual abuse material, hate content, malware, or content that violates applicable law.

There is no age restriction for use of the service.
You must be able to enter a binding contract under applicable law.

4. Availability and support

We aim for high availability but do not guarantee uninterrupted service. Support is provided via [email protected].

5. Payments and dispute guarantee

  • Payments are processed by Mollie.
  • Mollie processes payment data as our payment provider.
  • Payment references and transaction status may be stored on our servers where needed for checkout, receipts, subscriptions, accounting, and support.
  • If you claim a file did not go through, we will issue one replacement transfer free of charge if you provide upload time, file size, and file name.
  • We must retain certain payment information for legal and accounting purposes.

6. Privacy: data we process

GDPR governs the personal data a company holds. VitalSend holds almost none. Files are encrypted on your device before upload, so our servers never see their contents, and both the file and its transfer record are deleted after one download. The only personal data we keep is what your account and billing require: an email, payment references, usage counters. After a transfer completes there is no file left to leak or to be compelled to hand over.

We minimize data by design. We process only what is required to deliver the service.

6.0 Data controller

VitalSend.eu (Agiletto AB) is the data controller for personal data processed under this policy.

6.1 Account data

If you create an account, we store account data needed to operate the account product.

  • Email address
  • Name and profile fields you provide
  • Password hash
  • Email verification state
  • Session and reset tokens
  • Current plan, subscription state, and pending plan changes
  • Quota and usage counters
  • Billing references such as Mollie customer, subscription, and transaction identifiers

Account data persists while the account exists and as long as required for legal, billing, security, and support purposes.

6.2 Transfer data

Transfer data is created when you send a file. It is separate from account identity except where logged-in sending needs quota and billing enforcement.

  • File name
  • File size
  • File type, if provided by the browser
  • Expiration time
  • Upload status
  • Payment status
  • Download state and password-attempt state

Transfer data is kept until the file is downloaded, destroyed after too many wrong password attempts, reset by the sender, or expires. It is then deleted from our active systems.

For logged-in sending, aggregate quota usage persists on the account. The encrypted file and transient transfer record do not become account file history.

6.3 Transfer visibility and receipts

  • Account pages show current quota, remaining transfers, billing status, and plan state.
  • VitalSend does not provide a file archive, recoverable transfer history, or shared folder view.
  • Receipt metadata may exist for accounting and receipt delivery.
  • Download status is used to enforce one-time delivery and cleanup. It is not a permanent file-access log for collaboration or storage.

6.4 Logs and analytics

  • We do not store personally identifiable information in logs, such as IP addresses or payment identifiers.
  • We do not log file names.
  • We do not connect payment records to file contents.
  • Necessary cookies and local storage are required for login, security, payments, transfer state, theme, and consent preferences.

6.5 Backups

Backups are used only to restore service. They are not used for analytics or profiling.

6.6 Storage location

All data is stored and processed within the EU.

6.7 Data retention

  • Transfer data is deleted after download or expiry.
  • Account data is retained while the account is active and for the period required by law, billing, security, or support needs.
  • Payment records are retained as required by Swedish accounting law.

6.8 Sharing and processors

  • Mollie processes payment data on our behalf.
  • We receive payment status and transaction identifiers from Mollie.
  • We do not sell personal data or share it for marketing purposes.

6.9 International transfers

We do not transfer personal data outside the EU.

6.10 Automated decision-making

We do not use automated decision-making or profiling with legal or significant effects.

6.11 External delivery channels

If you choose to send the link by email through the built-in email service we provide, there will be traces in systems outside our control, as with any email. The sender of such emails is vitalsend.eu and is not connected to the user in any form. The same applies if we provide a service to send the password by SMS.

7. Security

  • End-to-end encryption for file contents. End-to-end encryption means files are encrypted in the sender's browser before upload and can only be decrypted by the recipient with the link (and optional password). Encryption uses XChaCha20-Poly1305 with a 256-bit key generated in your browser; the key is only shared via the link. The link itself is not secure since it contains the key. Therefore we recommend using the optional password and sending it to the recipient in another channel.

  • The encryption key never leaves the user's browser unless the user chooses our built-in email service to send the link to the recipient, in which case the link (containing the key) is forwarded to the recipient.

  • Treat links and passwords as secrets and never send them together in the same message.

  • Security depends on an honest client running in a non-compromised browser environment.

  • After download with the correct key and password, the file and metadata are deleted from our systems.

  • If the user enters the wrong password three times, the file and all metadata are also deleted to prevent brute-force attempts. The only way to remedy the situation is to resend the file.

8. Legal basis (GDPR)

We process data to perform the contract (provide the transfer service) and to comply with legal obligations (e.g., accounting for payments).

9. Data subject rights

You can request access, correction, or deletion of personal data we hold by contacting [email protected]. You also have the right to object to or restrict processing, and to data portability where applicable. Requests may be limited by legal obligations (for example, accounting requirements).

If you believe we process your data unlawfully, you can file a complaint with the Swedish Authority for Privacy Protection (IMY).

10. Governing law and disputes

These terms are governed by Swedish law. Disputes shall be decided by Swedish courts (tvistedomstol).

11. Contact

VitalSend.eu (Agiletto AB)
Email: [email protected]