Privacy Policy
This website and service are operated by Hristo Bogdanov as the data controller for personal data processed through Filemazing.
Name: Hristo Bogdanov
Email:
support@filemazing.com
Public location: EU (Bulgaria)
Roles under data protection law
For account, billing, and service operation data, we act as a data controller. For files you upload and process through the service, we act as a data processor on your behalf.
Who this policy applies to
This policy explains how we process personal data when you use Filemazing, including when you browse the site, create an account, upload files for processing, contact support, make a purchase, or use the API.
What data we collect
- Account data, such as email address, name, password hash, profile settings, and consent records.
- Files you upload for processing, including files you choose to import from supported third-party providers, stored temporarily.
- Session-related data such as IP address and user agent for security and authentication purposes.
- Technical and security data, such as IP-derived or abuse-prevention metadata, device/browser metadata, and session-related information.
- Payment and billing-related data required for purchases, subscriptions, and legal obligations.
- Support and contact message content you send to us.
- API key metadata, token usage records, and job history needed to operate the service. API keys are stored in hashed form and cannot be retrieved after creation.
Sessions and cookies
We use strictly necessary cookies for authentication, session management, login persistence, and security, including CSRF protection. We do not use analytics or advertising cookies in the current version of the service.
Why we use your data
- To provide the file conversion and related service features.
- To secure the service, prevent abuse, and troubleshoot issues.
- To process purchases, subscriptions, refunds, and related records.
- To reply to support or privacy requests.
- To comply with legal obligations.
Legal bases
- Service: Article 6(1)(b) GDPR - processing necessary to provide the service you request.
- Security: Article 6(1)(f) GDPR - legitimate interests in securing the service, preventing abuse, and protecting infrastructure.
- Legal compliance: Article 6(1)(c) GDPR - compliance with legal obligations.
- Marketing: Article 6(1)(a) GDPR - consent, where marketing is enabled.
Temporary file processing
Uploaded files are processed temporarily for the requested conversion or related job. Temporary files are deleted automatically on a short retention schedule. Systems are designed to enforce deletion within approximately 60 minutes under normal operation. Please do not use the service for long-term storage.
File privacy
Your files remain your property. Uploaded files may contain personal data, and such data is processed solely on your behalf for the purpose of providing the requested automated service. We do not access, read, or analyze your files beyond what is strictly necessary to perform the requested automated processing.
Files are automatically deleted on a short retention schedule and are typically removed within about 30 minutes and no later than about 60 minutes under normal operation.
Users are responsible for the content they upload. The service is not intended for long-term storage of personal or sensitive data.
Third-party integrations
You may choose to import files from supported third-party providers such as Google Drive and Dropbox. These integrations are optional and are used only when you explicitly choose them in the upload flow.
- We access only the files you choose to import for the requested processing operation.
- Imported files are processed in the same way as directly uploaded files and are subject to the same retention and deletion rules.
- When these integrations are used, the connector provider may receive connection request metadata such as IP address, user agent, and account or file-selection related metadata needed to complete the import.
- Use of these integrations is also subject to the provider's own terms and privacy policy.
Retention
- Temporary files: Temporary files are deleted automatically on a short retention schedule. Systems are designed to enforce deletion within approximately 60 minutes under normal operation.
- Account data: Account data is stored until account deletion or until it is no longer needed for service operation.
- Billing data: Billing and invoice-related data is retained as required by applicable law.
- Logs: Security and abuse-prevention logs are retained for up to 30 days unless longer retention is necessary to investigate abuse or protect the service.
- Support messages: Support and contact messages are retained for up to 6 months unless longer retention is necessary to resolve an ongoing issue.
Recipients and subprocessors
We use third-party providers only where needed to operate and deliver the service. In the current production setup, the active third-party provider is listed below.
| Provider | Purpose | Location | Transfer note |
|---|---|---|---|
| Lemon Squeezy | Payments, checkout, subscription management, billing-related transaction handling | United States | May involve transfers outside the EU/EEA |
| Google Drive | User-initiated file import for processing | United States | May involve transfers outside the EU/EEA |
| Dropbox | User-initiated file import for processing | United States | May involve transfers outside the EU/EEA |
International transfers
Some providers may process data outside the EU/EEA. Where that happens, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms provided by the service provider.
Security
We use appropriate technical and organizational measures to protect your data, including secure data transfer, controlled processing environments, access controls, and deletion workflows for temporary artifacts.
Your rights
Depending on your situation, you may have rights to access, correct, delete, restrict, object to certain processing, or request a copy of your data. You may also withdraw consent where processing is based on consent.
To exercise privacy rights, email support@filemazing.com .
Complaints
You can also lodge a complaint with the Bulgarian supervisory authority: Commission for Personal Data Protection (Bulgaria) .
Changes
We may update this policy from time to time. The latest version published on this page applies.