Your privacy is our mission
2. Personal data
Visitor: Any individual visiting our websites who has not registered an account.
Member: An individual who has registered an account on our Service.
User: A collective identifier that refers to either a Visitor or a Member.
3. Controller and Processors
The Koofr products and services are developed by Koofr d.o.o., which is a software engineering company headquartered in the European Union. The legal person who solely determines the purposes and means of the processing of personal data when using the Koofr products and services ("Controller") is:
Slovenia, European Union
The processor of personal data may be:
a) the controller,
b) third parties: external contractual service providers that we use in connection with specific functions of our business process, e.g. accounting, billing.
4. Consent and Limits to Use
By giving us your consent and providing your personal data to Koofr you indicate that we may collect, process, store or use the provided personal information for the legitimate purpose of enabling you to access our products and services and for related business activities, which may include contacting you, processing your requests and orders, answering your sales or technical support inquiries. Your personal data will not be used for any other purpose. You may withdraw your consent at any time.
It is our belief that children have no requirements for our software and we do not verify age or obtain parental or guardian consent for any data processing activity and we will not knowingly store any data regarding a child under the age of 16. The software has no age sensitive material nor should pose any risk to children.
6. Data Protection
All your data are encrypted in transit and at rest and redundantly stored on our servers. Decryption keys and metadata are kept separately from the content. The servers are solely managed by our operations team with strict physical and logical access controls in place to safeguard your privacy and the integrity of your data.
We use the latest technologies and administrative procedures to safeguard your personal data. Koofr servers are hosted by professional, industry-proven, ISO 27001-certified data centers in the European Union with modern facilities and equipment such as redundant or backup power supplies, redundant data communication connections, environmental controls (e.g. air conditioning, fire suppression) and security devices.
7. Integrated Third Party Website Services
In order to provide the services and improve our application, we may engage the services of third-party vendors such as Headway. In the process of supplying such website services through our official website, these third-party vendors may collect your IP address provided by your web browser.
8. Data collected from Visitors
When you visit our website or a link someone sent you through our application, we receive a limited scope of personal data transmitted to us by your browser. This enables you to access our website.
The data transmitted by your browser include your personal data such as your IP address and meta data such as timestamp, technology used (operating system, browser, network etc.), referrals (website from which the request comes), language and the country of origin. Some of these data may be stored by our servers in server logs.
Logs are regularly automatically deleted.
If any of these data should be used to improve our service, it will be anonymized.
Our website has no cookies for users that do not login. Because we are awesome that way.
9. Data collected from Members
If you decide to sign up for a free Koofr account, we will ask you to provide the following personal information:
You are only required to provide your real email address during the registration process.
If you purchase one of our paid plans, we are legally obliged to collect additional information from you such as:
Company name and VAT ID (in case of a EU company)
You will also need to provide billing info (credit card or Paypal) to our third party payment processor (Braintree payments - part of Paypal, Inc. group). No billing info is processed or stored by us.
To be able to keep you logged into our service, we will also put a small cookie in your browser, which serves only as a session cookie (keeping you authenticated for a certain period of time). No tracking cookies are used by our service.
10. Automatically collected data from Members
In order to provide you with our service and offer support, we may collect additional information when you use the application. Specifically, we log events such as password change, file upload, file deletion, link creation and similar.
You can always view all the logged events inside the web application under the Menu -> Activity option.
This data is kept for a period of three months and automatically deleted from our servers afterwards.
All the personal data collected from you is always visible and accessible to you through the Application.
11. Sharing with friends
Our service allows you to share files and folders with your friends, coworkers and family. By using this feature, you provide the email addresses of the people you want to share content with. These emails are used to send an invitation and subsequently provide access to the shared content. Since the invitee has not given consent to us to use his email, this information is only used inside your account. Only add people you know.
If the invitee does not respond to the invite request, his email is eventually removed from our database and he will no longer be visible as a person you shared your content with. If the person responds to the share invite, he is converted to a Member as per the usual signup procedure.
12. Third-party cloud connections
As part of our service, users can connect their existing third-party cloud storage accounts (e.g. Dropbox, Google Drive, Onedrive) to their Koofr account.
For connected accounts, Koofr collects and stores metadata information about files, but not the actual files (files residing on those accounts are not stored on Koofr). The metadata is only kept while the third-party account is connected.
13. Deleting your account and data
You can always request a deletion of your account through our support email. Such deletion also means the deletion of all the data associated with your account except the data that we legally need to store (ie invoices). Any data that may technically not be deleted (like entries in our server logs) is disassociated from you by the act of account deletion since nothing connects it to any specific person any more.
Account deletion is processed not later than 30 days after your official request and is unrecoverable - your data is completely removed from our servers in a non recoverable fashion. Undelete is not possible. If you later create a new account with the same email, it will have no association with any previous information we may have collected in the past, since the data was removed.
Personal data is always kept only for the duration legally necessary or while needed for providing the service to you. After such periods expire and the data is no longer needed, it is securely and irreversibly destroyed.
14. Data Transfer to Third Parties
We limit sharing of your personal information with third parties to the bare essentials. We may share some of your personal data such as your name and address with our Accounting, and our Payment processor and/or Bank as needed due to legal reasons. We strive to be as transparent as possible regarding the transmission of your personal data. You will be asked for consent before your personal data is shared with any third party processors not mentioned here.
15. Additional provisions
The Data is processed at the Data Controller headquarters, unless stated otherwise in the rest of this document.
Action The User’s Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Application or the related services.
System Logs and Maintenance
For operation and maintenance purposes, this Application and any third party services may collect files that record interaction with this Application (System Logs) or use for this purpose other Personal Data (such as IP Address). Logs are automatically deleted after 3 (three) months.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time at its contact information.
The rights of Users
Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Data Controller at the contact information set out above.
17. Definitions and legal references
The legal or natural person to whom the Personal Data refers to.
Small piece of data stored in the User’s device.
18. Legal information
This privacy statement has been prepared in accordance with the General Data Protection Regulation (EU) 2016/679, which is a European regulation on data protection and privacy (GDPR).