1. Who we are
The Service is operated by OTSHARE. If we publish a contact email for privacy requests, you may use it to reach us regarding this Policy.
2. What the Service does
OTSHARE lets you share files or text for a limited time using a pickup code, optional unlock link, or QR code. Recipients can retrieve content in the browser. You do not need a user account to use the core sharing features.
3. Information we collect
3.1 Content you upload. When you create a share, we store the file or text content you provide, along with metadata needed to operate the Service (for example: original filename where applicable, size, MIME type, expiry time, and limits on how many times the share can be unlocked).
3.2 Pickup codes and tokens. We derive secure identifiers (for example, short IDs and hashed pickup codes, and one-time download tokens) so that only people with the correct code or link can access a share. We do not intend to expose raw secrets in URLs longer than necessary; unlock links may remove the code from the address bar after load where implemented.
3.3 Technical and security data. Like most websites, our servers and infrastructure may process:
- IP addresses and request metadata (for example to enforce rate limits, prevent abuse, and diagnose errors)
- Timestamps and operational logs needed to run and secure the Service
- Session identifiers if we use server-side sessions (for example for administrative areas separate from public sharing)
3.4 Analytics (optional). In production we may load Google Analytics 4 only after you accept analytics via our consent banner. If you decline, we do not load GA4 as implemented on the site. Acceptance may be stored in your browser’s local storage to remember your choice. GA4 may process usage data according to Google’s policies; we configure IP anonymization where supported.
3.5 Accounts. The public sharing flow does not require you to create an account. Optional or administrative features (if enabled) may use separate authentication and logging.
4. How we use information
We use the information above to:
- Provide, host, and deliver shares and pickup-code redemption
- Enforce expiry, download limits, and abuse protections (including temporary lockouts after repeated failed attempts where implemented)
- Maintain security, prevent fraud and misuse, and comply with law
- Understand aggregate usage and improve the Service when you consent to analytics
5. Retention and deletion
Shares are temporary by design. Content and associated metadata are retained until the share expires, is fully consumed according to your limits, or is removed by automated purge or administrative processes. After deletion, residual backups may persist for a limited period depending on hosting configuration.
6. Sharing with third parties
We use infrastructure providers (for example hosting and storage) to operate the Service. If you consent to analytics, Google may process analytics data as described in their policies. We do not sell your personal information as a commodity; we use service providers to run the site.
7. Security
We implement reasonable technical and organizational measures appropriate to the Service (including HTTPS in production, access controls for administrative tools, and secure handling of secrets). No method of transmission or storage is 100% secure; use the Service for content whose sensitivity matches your own risk assessment.
8. Your rights
Depending on where you live, you may have rights to access, correct, delete, or restrict processing of personal data, or to object to certain processing. Because the Service is built around temporary shares without a general user profile, many requests may be limited to what we can verify from logs or remaining records.
9. Children
The Service is not directed at children under 13 (or the minimum age in your jurisdiction). Do not upload content about children or encourage minors to share personal information through the Service.
10. International users
If you access the Service from outside the country where our servers or processors are located, your information may be processed in those regions. By using the Service, you understand that cross-border transfer may occur as needed to operate the Service.
11. Changes
We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. Continued use of the Service after changes means you accept the updated Policy.
12. Disclaimer
This document is provided for transparency. It is not a substitute for professional legal advice. If you need certainty for compliance (for example GDPR, CCPA, or sector-specific rules), consult a qualified attorney in your jurisdiction.