Privacy Policy

Last updated: 29 March 2026

1. Data Controller Information

FileCurator is operated by Yrgen and Rhian, trading as FileCurator.

Controller vs Processor Roles: For your account information, billing data, and platform usage analytics, we act as the data controller. For files you upload about your own clients or third parties, you are the data controller and we act as your data processor, processing those files only on your instructions and in accordance with our Terms of Service and this Privacy Policy.

  • Operated by: Yrgen and Rhian, trading as FileCurator
  • Location: Cheltenham, England
  • Email: hello@filecurator.co.uk
  • Data Protection Officer: We do not currently have a Data Protection Officer as we are not required to appoint one under UK GDPR.

2. Information We Collect

Age Restriction: Our service is intended for users aged 16 and over. We do not knowingly collect personal data from children under 16. If you are under 16, please do not use our service or provide any personal information to us.

We collect information you provide directly to us, such as:

  • Account information (name, email, password)
  • Files you upload to our service
  • Usage data and analytics
  • Payment information (processed by Stripe)

Contractual Requirement: Providing account and payment information is necessary to create and maintain your FileCurator account and access paid features. If you choose not to provide this information, we will not be able to create or maintain your account or provide paid features.

3. Lawful Basis for Processing

Under UK GDPR, we process your personal data based on the following lawful bases:

  • Contract Performance: Account information, payment data, and file storage to provide our service
  • Legitimate Interest: Usage analytics and service improvement (where not overridden by your rights)
  • Legal Obligation: Compliance with tax, accounting, and other legal requirements
  • Consent: Marketing communications (where applicable)

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our service
  • Process transactions and send related information
  • Send technical notices and support messages
  • Monitor and analyze usage patterns

5. Information Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties except as described in this privacy policy. We may share your information:

  • With service providers who help us operate our service
  • With advertising partners such as Google, for ad targeting (Customer Match). We share hashed identifiers (email, name, address). See Section 10 for details.
  • To comply with legal obligations
  • To protect our rights and safety

6. Data Security

We implement comprehensive technical and organizational measures to protect your personal information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication for administrative access
  • Infrastructure: Hosted on secure cloud infrastructure with regular security audits
  • Monitoring: Continuous monitoring and audit logging of data access
  • Data Processors: We have data processing agreements with all third-party processors (Supabase, Cloudflare, Stripe)

7. Data Retention

We retain personal data in accordance with the storage limitation principle (Article 5(e) UK GDPR):

  • Uploaded Files: Automatically deleted after 1-90 days based on your subscription plan and preferences (default 7 days, customizable up to 90 days for Pro users)
  • Account Data: Retained while your account is active and for 30 days after account closure
  • Payment Records: Retained for 7 years to comply with UK tax and accounting obligations
  • Usage Analytics: Anonymized after 12 months, deleted after 24 months

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Rights Related to Automated Decision Making: Not to be subject to automated decisions (not applicable to our service)
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

How to Exercise Your Rights: Email us at hello@filecurator.co.uk. We will respond within one month (extendable by two months for complex requests). These rights are generally free of charge, though we may charge a reasonable fee for excessive or repetitive requests.

Right to Complain: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data properly.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our service. This includes both essential cookies (required for the service to function) and optional cookies (for analytics and performance monitoring).

  • Essential Cookies: Authentication, security, and core functionality (no consent required)
  • Analytics Cookies: Usage statistics and performance monitoring (consent-based). We present a cookie banner that allows you to accept or reject non-essential cookies. You can change your preferences at any time through the cookie settings.
  • Your Control: You can manage cookie preferences through our cookie banner or in your browser settings. Essential cookies cannot be disabled as they are required for the service to function.

10. Third-Party Services

Our service integrates with third-party services. These services have their own privacy policies.

  • Stripe: Payment processing. We do not store card details.
  • Google Ads: We share hashed customer data (email, first name, last name, country, postcode) with Google for Customer Match advertising. Data is hashed (SHA-256) before sharing. Where required by law (e.g. EEA and UK), we obtain your consent for this processing when you accept marketing cookies via our cookie banner. You can withdraw consent at any time via our cookie settings. We comply with Google's Customer Match policies and EU user consent policy.

11. International Data Transfers

We may transfer your personal data to countries outside the UK for processing by our service providers (such as cloud hosting services). Where we transfer personal data outside the UK, we rely on adequacy decisions or appropriate safeguards such as Standard Contractual Clauses (SCCs) to ensure your data is protected in accordance with UK GDPR requirements.

If you would like more information about international data transfers or a copy of the relevant safeguards we have in place, please contact us at hello@filecurator.co.uk.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on our website.

13. Contact Us

If you have any questions about this privacy policy, please contact us at hello@filecurator.co.uk.