Privacy Policy

Effective Date: January 15, 2025

This document is provided for informational purposes. While we strive for accuracy, this does not constitute legal advice. For legal questions, consult a qualified attorney.

1. Introduction

VStorage ("we," "us," "our") is committed to protecting your privacy. This concept is designed around Swiss data protection principles, which provide some of the strongest privacy protections in the world.

This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. By using VStorage, you agree to this Privacy Policy.

Contact us about privacy: privacy@vstorage.ch

2. Information We Collect

2.1 Account Information

  • Email address (encrypted at rest)
  • Account creation date
  • Subscription plan type
  • Payment information (processed by our payment processor, not stored on our servers)

2.2 File Storage

  • Encrypted audio files (WAV, FLAC, ALAC, AIFF)
  • We CANNOT access file content due to zero-knowledge encryption
  • We only see encrypted bytes - the content is mathematically inaccessible to us
  • File metadata is encrypted

2.3 Usage Information (Minimal)

  • Total storage used (aggregate number only, not file details)
  • Account login timestamp (last login only)
  • API usage counts (for rate limiting purposes)

2.4 Technical Information (Temporary - 24 Hours Only)

  • IP address (security/fraud prevention, automatically deleted after 24 hours)
  • Failed login attempts (fraud prevention, 24-hour retention)
  • Device type (browser user agent, not stored, used for compatibility only)

2.5 Information We DO NOT Collect

We deliberately do NOT collect:

  • File names, content, or metadata
  • Listening or playback activity
  • Download patterns
  • Search queries
  • Location data
  • Analytics or tracking data
  • Device fingerprints

3. How We Use Your Information

3.1 Service Provision

  • Provide cloud storage service
  • Authenticate your account
  • Process payments
  • Provide customer support

3.2 Security

  • Prevent fraud and abuse
  • Detect security threats
  • Maintain service integrity
  • All security logs deleted after 24 hours

3.3 Communications

  • Service announcements (outages, maintenance)
  • Support responses
  • Billing notifications
  • No marketing emails (ever)

3.4 Legal Compliance

  • Comply with Swiss law
  • Respond to valid legal requests (Swiss legal process only)
  • Note: Zero-knowledge architecture means we cannot provide file content, even under legal compulsion

4. Zero-Knowledge Architecture

4.1 What It Means

Zero-knowledge architecture means we mathematically cannot access your files:

  • Files are encrypted on your device BEFORE upload
  • Encryption keys never transmitted to our servers
  • We cannot decrypt your files, even if we wanted to
  • Even under legal compulsion, we have no technical access

4.2 Technical Implementation

  • AES-256-GCM encryption (client-side, in your browser)
  • PBKDF2 key derivation with 100,000 iterations
  • Keys derived from your password on your device
  • Only encrypted data stored on our servers

4.3 Implications

  • You are responsible for password security
  • Lost password = lost data (we cannot recover your files)
  • We cannot see your file names or content
  • Maximum privacy and security for your recordings

5. Data Storage and Security

5.1 Data Location

  • Primary data center: Zurich, Switzerland
  • Backup data center: Geneva, Switzerland
  • Never stored outside Switzerland
  • Swiss data protection principles apply

5.2 Security Measures

  • AES-256-GCM encryption at rest
  • TLS 1.3 encryption in transit
  • 24/7 security monitoring
  • Regular security audits and penetration testing
  • Physical security (biometric access, video surveillance)

5.3 Backups

  • Triple redundancy (3× copies in separate racks)
  • All backups encrypted
  • Geographic separation (Zurich/Geneva)
  • 30-day retention for deleted files (recovery period)
  • Permanent deletion after 30 days

6. Data Sharing and Disclosure

6.1 No Third-Party Sharing

We do NOT share, sell, or rent your data. Period.

  • No advertising partners
  • No analytics providers
  • No data brokers
  • No third-party access to your files

6.2 Service Providers (Limited)

We work with minimal service providers:

  • Payment processing through secure third-party providers
  • Infrastructure provider (Swiss data center)
  • All providers under strict Data Processing Agreements (DPAs)

6.3 Legal Requests

  • Only respond to valid Swiss legal process
  • Will fight overly broad requests
  • Will notify you if legally permitted
  • Zero-knowledge means we cannot provide file content

7. Your Rights (GDPR & Swiss Data Protection)

You have the following rights regarding your data:

7.1 Right to Access

Request a copy of all your data. Export your files at any time.

7.2 Right to Rectification

Correct inaccurate account information.

7.3 Right to Erasure (Right to be Forgotten)

  • Delete your account and all data
  • Permanent deletion within 7 days
  • Purged from all backups within 30 days

7.4 Right to Data Portability

Download all your files in standard formats (no proprietary lock-in).

7.5 Right to Restrict Processing

Pause your account (data not deleted, just processing restricted).

7.6 Right to Object

Object to any data processing. We will comply or explain our legal obligation to continue.

8. Data Retention

8.1 Active Account

  • Files: Until you delete them
  • Account info: Until account deletion
  • Logs: 24 hours only (automatically purged)

8.2 Deleted Files

  • 30-day recovery period
  • Permanent deletion after 30 days
  • Purged from all backups

8.3 Closed Account

  • All data deleted within 7 days
  • Permanent, irreversible deletion
  • No "shadow" copies retained

9. Cookies and Tracking

9.1 Cookies We Use

  • Session cookie (login only, deleted on logout)
  • No tracking cookies
  • No advertising cookies
  • No analytics cookies

9.2 Do Not Track

We respect Do Not Track (DNT) signals. Though we don't track by default anyway.

10. International Transfers

10.1 Data Location

  • All data stored in Switzerland only
  • Never transferred internationally
  • Swiss privacy laws apply exclusively

10.2 EU Customers

  • Swiss adequacy decision (GDPR-aligned)
  • Switzerland provides higher privacy standard than EU minimum

11. Children's Privacy

  • Service not intended for users under 18
  • If under 18, must have parental consent
  • We don't knowingly collect data from minors

12. Changes to Privacy Policy

  • We may update this policy as our service evolves
  • Material changes: 30 days notice via email
  • Continued use after changes = acceptance
  • You can always close your account if you disagree

13. Contact Us

Privacy Questions: privacy@vstorage.ch

Data Protection Officer: dpo@vstorage.ch

PGP Key: Available upon request

Last Updated: January 15, 2025