Privacy Policy

This Website does not collect any personal data other that those indicated in the previous section.

Your personal data will be stored and processed in servers located within the EU territory.

Controller staff may become aware of your personal data. In particular, the data may be disclosed under the Controller’s or Processor’s (where appointed) authority to the IT systems repair and maintenance staff.

All purchases made through the Website are processed by a third party payment processor, Paddle (paddle.com). Paddle may ask you for personal and/or non-personal information, such as your name, address, email address, credit card information, or other Personal Information. Paddle has a privacy policy (paddle.com/legal/privacy) that describes their collection and use of personal information. We (sftpgo.com Website) does not control Paddle or its collection or use of information. Any questions or concerns about Paddle’s practices should be directed to Paddle.

Paddle provides us with certain non-personal information relating to purchases made by visitors to the Website. The non-personal information may include details of the purchase such as the date, amount paid, and product purchased. The non-personal purchase information may be linked to the Personal Information you provide to us (typically limited to your email address). Paddle does not supply us with any of your other Personal Information such as your name, street address, or credit card information.

To manage your subscriptions you will be redirected to a portal managed by Paddle.

The data you store on SFTPGo SaaS service is encrypted in transit and you can configure encryption at REST on the server side using your own encryption key. If you configure your own encryption key, SFTPGo uses the key that you provide to apply AES-256 encryption to your data.  With the encryption key that you provide SFTPGo manages data encryption as it writes to disks and data decryption when you access your objects.
The encryption key is stored encrypted itself and passwords are stored hashed.

We do not access or use your content for any purpose without your consent. We never use your content or derive information from it for marketing or advertising.

We do not disclose customer information unless we're required to do so to comply with a legally valid and binding order. Unless prohibited from doing so or there is clear indication of illegal conduct in connection with the use of our products or services, we notify customers before disclosing content information.

We track connections (IP and username, unrelated to email addresses) and file system activity (file upload/download/rename/deletion) and stores the logs for 14 days. We also store application related logs for 14 days to be able to provide support.
Any sensitive information you may provide while using our services, such as passwords, is redacted in log files and stored in encrypted or hashed form.

We utilize firewalls to restrict access to our services. By default, all access is denied and only explicitly allowed ports and protocols are allowed based on your business requirement. Each system is assigned a security group based on its function.

Backend access to the OS level is limited to our staff and requires key authentication and/or multi factor authentication.

Your data will be deleted if you unsubscribe from our services.

A cookie is a small file made of numbers and letters that it is saved on your computer. Some functionalities of this Website will be restricted if you refuse to accept cookies.

Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.

Our Website contains links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other websites or third parties. We encourage you to be aware when you leave our Website and to read the privacy statements of each and every website that may collect Personal Information.

In particular, as noted above, purchases made through the Website are handled by Paddle and all such transactions, including any Personal Information or non-personal information collected by Paddle, are under the control of Paddle. We encourage purchasers to read Paddle’s Privacy Policy (paddle.com/legal/checkout-buyer-terms).

In accordance with Articles 7, 13, 15, 16, 17, 18, 19, 20, 21, 22 of the UE Regulation 679/2016 you can, at any time, exercise the following rights, by contacting Controller at support@sftpgo.com

• the right to obtain from the Controller confirmation as to whether or not personal data concerning you are being processed;
• the right to obtain the access to your personal data;
• the right to request from the Controller rectification or erasure of your personal data;
• the right to request from the Controller restriction of processing of your personal data;
• the right to object to the processing of your personal data;
• the right to receive the personal data concerning you, which you have provided to Controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (data portability).
• Furthermore, if you believe that your rights have not been respected, you can file a complaint with the competent Supervisory Authority.