Data Processing Agreement (DPA)

Aligned with GDPR Article 28. This text describes Filarr’s commitments when processing data on behalf of a business customer. A signed copy is available on request at contact@filarr.com.

1. Parties and roles

This agreement governs the processing of personal data by Filarr (published by Mathis Belouar-Pruvot, the "Processor") on behalf of the business customer (the "Controller") in connection with the use of the Filarr Send / File Request / Teams services. It supplements the Terms of Service and the Privacy Policy.

2. Subject matter, duration, nature and purpose

Subject matter: the transfer and collection of end-to-end-encrypted files and associated metadata. Duration: the term of the service contract. Nature and purpose: to host encrypted files (unreadable by the Processor) and their metadata so the Controller and its correspondents can share or collect them.

3. Categories of data and data subjects

Data processed: file content (encrypted, opaque to the Processor); technical metadata (timestamps, size, view counts, country and /16 subnet — never the full IP, which is only retained as a hash); for accounts: email address and billing data. Data subjects: the Controller’s users and their correspondents (depositors/recipients).

4. Processor obligations

The Processor: (a) processes data only on the Controller’s documented instructions; (b) ensures the confidentiality of persons authorized to process; (c) implements the security measures in Section 7; (d) assists the Controller in responding to data-subject rights requests; (e) assists with breach notification and, where applicable, impact assessments; (f) deletes or returns the data at the end of the contract; (g) immediately informs the Controller if it considers that an instruction infringes the GDPR or other applicable data-protection law.

5. Sub-processors

The Controller authorizes the use of the sub-processors listed publicly, kept up to date, on the Sub-processors page. The Processor gives notice before adding or replacing any sub-processor and allows objection. It imposes equivalent protection obligations on each sub-processor.

6. International transfers

Encrypted files are stored in the European Union (Cloudflare R2, Frankfurt). Where a sub-processor is established outside the EU, the transfer is governed by the European Commission’s Standard Contractual Clauses. For file content, end-to-end encryption means no transfer concerns readable data.

7. Technical and organizational measures

End-to-end file encryption (AES-256-GCM) with keys generated and held client-side; the key never transits the server in clear. Share passwords derived via Argon2id (brute-force-resistant). Encryption in transit (TLS). Data isolation per account/organization. Minimization: IP addresses retained only as a hash; location reduced to country and /16 subnet. Short retention and automatic expiry of shares. Revocation and real deletion of storage objects. Metadata-only audit logs.

8. Personal data breach

The Processor notifies the Controller without undue delay after becoming aware of a breach affecting data processed on its behalf, and provides the information needed for the Controller to meet its own notification obligations.

9. Audit

The Processor makes available the information necessary to demonstrate compliance with GDPR Article 28 and allows reasonable audits, on notice, while preserving the confidentiality and security of other customers.

10. Deletion and return

At the end of the contract, and at the Controller’s choice, the Processor deletes or returns the data, and deletes existing copies, unless legally required to retain them. Shares expire and are deleted automatically.

This document is provided as a publicly readable framework agreement. For a signed, executable commitment (tailored to your regulatory context), request the executable version at contact@filarr.com. As with any DPA, we recommend having it reviewed by your counsel.