Privacy Policy

Last updated: March 2026

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws as well as other data protection provisions is:

Fairsend GmbH
Beim Braunstall 7
97980 Bad Mergentheim
Germany
Phone: +49 7931 9680271
Email: info@fairsend.de
Managing Director: Josef Weinmann

2. General Information on Data Processing

We process personal data of our users only to the extent necessary to provide a functional platform and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of data is permitted by law.

3. Legal Basis for Processing

Art. 6(1)(a) GDPR — Consent of the data subject.
Art. 6(1)(b) GDPR — Performance of a contract or pre-contractual measures.
Art. 6(1)(c) GDPR — Compliance with a legal obligation.
Art. 6(1)(f) GDPR — Legitimate interests, provided that the interests or fundamental rights of the data subject do not prevail.

4. Deletion and Storage Duration

Personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may continue beyond this if provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject (e.g., commercial and tax retention obligations pursuant to § 147 AO, § 257 HGB).

5. Server Log Files

The provider of the pages automatically collects and stores information in server log files that your browser automatically transmits to us:

— IP address (anonymized after 30 days)
— Date and time of the request
— Requested page or file name
— Referrer URL (previously visited page)
— Browser and operating system used
— Amount of data transferred

This data cannot be attributed to specific persons. A combination of this data with other data sources is not carried out. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the security and stability of the system).

6. User Account / Registration

During registration, we collect: first and last name, email address, password (stored as bcrypt hash). Optionally: profile picture, company. Data is stored for contract performance (Art. 6(1)(b) GDPR) and deleted immediately upon account deletion, subject to statutory retention obligations.

7. File Transfer (Core Function)

Fairsend enables the secure transfer of files. All files are encrypted client-side in the sender's browser using AES-256-GCM before they reach our servers. The decryption key is transmitted exclusively via the URL fragment (#) and never reaches our servers.

We have no technical ability to view, analyze, or filter the content of transferred files. After expiration of the retention period determined by the user or the plan, the encrypted files are automatically and irretrievably deleted.

In the context of a transfer, we process: sender email, recipient email(s), tracking ID, timestamp, file size (encrypted), expiration date, IP address (for abuse detection). The file contents themselves are not accessible to us.

8. Email Communication

We send exclusively transactional emails (verification codes, delivery notifications, proof of delivery, account notifications) via our own mail server hosted in Germany. No external email service providers are used. No newsletters are sent without explicit consent.

9. Payment Processing

Payments are processed through Mollie B.V. (Keizersgracht 126, 1015 CW Amsterdam, Netherlands). Mollie is a PCI-DSS Level 1 certified payment service provider. Credit and bank data is processed exclusively by Mollie and never reaches our servers. Legal basis: Art. 6(1)(b) GDPR (contract performance). Mollie privacy policy: https://www.mollie.com/privacy

10. Hosting and Server Location

Our servers are operated exclusively in Germany (weinmann-edv GmbH & Co. KG). No transfer of personal data to third countries takes place. No external CDNs, cloud services, or content delivery networks are used. All resources (JavaScript, CSS, fonts) are served from our own servers.

11. Cookies and Tracking

We use exclusively technically necessary cookies:

— Session cookie (fs_session): Login session, deleted upon logout
— Theme cookie (fs_theme): Stores preferred display mode (light/dark)
— Language cookie (fs_lang): Stores chosen language
— Accessibility cookies (fs_fontsize, fs_contrast, etc.): Store individual settings

We use no tracking, advertising, or marketing cookies. No data is transmitted to Google Analytics, Facebook, or any other third parties. For platform usage analysis, we use self-hosted Matomo, whose data never leaves our servers. IP addresses are anonymized in the process.

12. No Disclosure to Third Parties

Personal data is not transmitted to third parties, except:

— For payment processing to Mollie B.V. (see Section 9)
— In case of legal obligation (e.g., by order of law enforcement authorities)
— To protect legitimate interests in case of suspected abuse

No sale, trade, or other disclosure of personal data to third parties for advertising or marketing purposes takes place and will not take place in the future.

13. Your Rights as a Data Subject

You have the following rights regarding your personal data:

— Right of access (Art. 15 GDPR): You may request information about your data stored by us.
— Right to rectification (Art. 16 GDPR): You may request correction of inaccurate data.
— Right to erasure (Art. 17 GDPR): You may request deletion of your data, provided no statutory retention obligations apply.
— Right to restriction of processing (Art. 18 GDPR): You may request restriction of processing.
— Right to data portability (Art. 20 GDPR): You may receive your data in a machine-readable format.
— Right to object (Art. 21 GDPR): You may object to the processing of your data.
— Right to withdraw consent (Art. 7(3) GDPR): You may withdraw consent at any time.

To exercise your rights, please contact: info@fairsend.de

Additionally, you can export your data at any time or completely delete your account via the account settings.

14. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data. The supervisory authority responsible for us is:

The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
www.baden-wuerttemberg.datenschutz.de

15. Data Security

We employ comprehensive technical and organizational measures to protect your data:

— End-to-end encryption of all file transfers (AES-256-GCM)
— TLS encryption of all platform communications
— Password hashing with bcrypt (cost factor 12)
— CSRF protection on all forms
— Rate limiting against brute-force attacks
— Automatic deletion of files after retention period expiry
— No external CDNs, trackers, or third-party scripts whatsoever
— Server location exclusively in Germany
— Regular security audits and updates

16. Changes to This Privacy Policy

We reserve the right to occasionally update this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services. Your subsequent visit will then be subject to the new privacy policy.