BitterDisk

Privacy Policy

Updated July 8, 2026

This policy explains what BitterDisk collects and why. We keep as little as possible, and files are ephemeral by design.

What we collect

  • Files you upload, temporarily, to deliver them to whoever has the code.
  • File metadata — name, size, and content type — and the short code and share record needed to serve the transfer.
  • A sender token stored in your own browser (cookie / local storage) so you can add files to your own transfer; and an owner token you keep to manage it.
  • Your IP address, used for rate-limiting, preventing abuse, and responding to legal requests.
  • Basic analytics via Google Analytics (GA4) — for example page views and whether a transfer was created or purchased. See Google's privacy terms.
  • Payment information, if you buy a Transfer Pass, handled by Stripe through BitterCheckout. We do not receive or store your card details.

How we use it

To operate the transfer, enforce limits, prevent and investigate abuse, process payments, and comply with the law. We do not sell your personal information.

Retention

Files and their metadata are deleted automatically, normally within 24 hours (up to 72 hours for a paid Transfer Pass), and on request or on removal. We may retain limited logs and abuse reports longer as needed to run the service, prevent abuse, and meet legal obligations.

Who we share it with

Service providers that make BitterDisk work — Cloudflare (hosting and storage), Google Analytics (measurement), and Stripe / BitterCheckout (payments) — and law enforcement or other parties when we believe disclosure is required or appropriate. We do not sell data or use it for advertising.

Your choices

Because transfers are short-lived, the simplest control is to let a transfer expire or ask us to remove it. You can block analytics and cookies in your browser. For access or deletion requests, contact abuse@bitterdisk.com. BitterDisk is not directed to children and we do not knowingly collect information from children under 13.