Privacy Policy

Last updated: 2026-05-06. chunk2u processes as little personal data as possible. Here is exactly what we store and why.

What data we collect

• Email address (hashed): Used to verify your identity via PIN and to link transfers to your account history. Stored as a one-way SHA-256 hash — we cannot read your actual address.
• IP address (hashed): Used for rate limiting to prevent abuse. Stored as a one-way hash — we cannot identify you from it.
• Files you upload: Stored temporarily on Swedish servers. Automatically and permanently deleted after the link expires.
• Contact form messages: Name, email and message text — stored to allow us to reply.

What we do NOT collect

• We do not use advertising trackers or third-party analytics
• We do not sell or share your data with third parties
• We do not store payment details (Paddle handles payments)
• We do not inspect file contents

Legal basis (GDPR)

Processing is based on: (a) performance of contract — to provide the transfer service you requested; (b) legitimate interest — to prevent abuse via rate limiting.

Retention periods

• Uploaded files: deleted after the link expiry period
• PIN verifications: deleted immediately after use
• Rate limit logs: deleted after 24 hours
• Contact messages: deleted after 12 months
• Account data: retained until you request deletion

Your rights

Under GDPR you have the right to:

• Request access to data we hold about you
• Request correction or deletion of your data
• Object to processing
• Lodge a complaint with your national data protection authority

To exercise your rights, contact us.

Data Controller