Privacy Policy

Last updated: 1 March 2026

This Privacy Policy explains how Uploaderly ("we", "us", or "our") collects, uses, and protects personal data when you use our Service. We are committed to handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Uploaderly operates the file-upload platform available at uploaderly.com. For data protection purposes we are the data controller for merchant account data, and a data processor for end-customer files uploaded through your Squarespace store.

2. Data We Collect

Merchant account data (collected when you register and use the Service):

• Name and email address
• Billing information (processed by Stripe — we never store card details)
• Site domain(s) and API keys
• Usage data: upload counts, storage used, login timestamps

End-customer data (collected when your customers upload files through your store):

• Uploaded files and their metadata (filename, size, MIME type)
• Order information linked to uploads (order ID, customer name, customer email, order total) — provided by Squarespace at checkout
• Page URL and session identifiers used to associate files with orders

Technical data (collected automatically):

• IP addresses and HTTP request logs (for rate limiting and security)
• SDK diagnostic reports (browser user-agent, SDK version, error events) — only stored when warnings or errors occur

3. How We Use Your Data

• To provide, maintain, and improve the Service
• To process payments and manage subscriptions
• To enforce storage and upload quotas
• To send transactional emails (account registration, password reset, payment receipts)
• To investigate abuse, security incidents, and technical issues
• To comply with legal obligations

We do not sell your data or your customers' data to third parties. We do not use uploaded files for any purpose other than providing the Service.

4. Legal Basis for Processing (UK GDPR)

• Contract performance — processing necessary to deliver the Service you have subscribed to
• Legitimate interests — security monitoring, fraud prevention, and service improvement
• Legal obligation — retaining billing records as required by law

5. Third-Party Services

We share data with the following sub-processors:

• Stripe — payment processing. Stripe's privacy policy applies to payment data: stripe.com/gb/privacy
• Cloudflare / Amazon Web Services — cloud file storage (Cloudflare R2 or AWS S3). Files are encrypted at rest and in transit.
• DigitalOcean — hosting infrastructure for our application servers

All sub-processors are required to handle data securely and in accordance with applicable data protection law.

6. Data Retention

• Uploaded files are retained for the period set by your plan (30, 90, or 365 days) and then permanently deleted.
• Order and customer metadata associated with uploads is retained for 12 months after the upload expires, then deleted.
• Account data is retained for the duration of your subscription and for up to 90 days after account closure, after which it is deleted.
• Billing records are retained for 7 years to comply with financial regulations.
• Diagnostic reports are retained for 30 days.

7. Cookies and Local Storage

Our dashboard uses session cookies for authentication. The Uploaderly JavaScript SDK uses localStorage in your customers' browsers solely to associate uploaded files with their current shopping session. No tracking or advertising cookies are set by our SDK.

8. Your Rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate data
• Erase your data ("right to be forgotten"), subject to legal retention obligations
• Restrict or object to certain processing
• Data portability — receive your data in a structured, machine-readable format
• Withdraw consent where processing is based on consent

To exercise any of these rights, please email hello@uploaderly.com. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

9. Security

We implement appropriate technical and organisational measures to protect your data, including TLS encryption in transit, encryption at rest for stored files, and access controls limiting who can view customer data. However, no system is completely secure and we cannot guarantee absolute security.

10. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you by email or in-app notice before material changes take effect. The "last updated" date at the top of this page reflects the most recent revision.

12. Contact

For privacy-related questions or to exercise your rights, contact us at hello@uploaderly.com.