Skip to content
FileDigest
Create a digest

Privacy Policy

Last updated: 2026-04-27

1. Who we are

FileDigest (filedigest.app, "we", "us") is a service operated by an Italian sole proprietor ("ditta individuale") under regime forfettario. The data controller is the natural person registered under the corresponding Partita IVA. Contact: hello@filedigest.app.

2. What we collect

  • Account data: email, optional display name, enabled OAuth provider if used, Supabase user id.
  • Documents you upload: the files themselves and their content, processed into Markdown digests.
  • Usage events: token counts, page counts, processing duration, plan tier, timestamps.
  • Billing data: Stripe customer id, subscription status, last 4 of card (held by Stripe, not us).
  • Operational telemetry: request logs, error traces, IP address (truncated after 30 days).

3. How long we keep it

  • Source files (your uploads): deleted from object storage immediately after successful processing, unless you explicitly opt to retain them. (GDPR Article 5.1.c data minimization.)
  • Processed digests + IU72 artifacts: retained per plan — Free 7 days, Pro 30 days, Business 90 days.
  • Account + billing data: kept while your account is active + 13 months for tax/audit (Italian fiscal requirement).
  • Logs: 30 days. IP addresses truncated to /24 after 7 days.

4. Sub-processors and international transfers

We rely on the sub-processors listed below to host the app, process documents, send transactional email, and handle payments. Where data is transferred outside the EEA, we rely on the relevant provider agreements and transfer mechanisms available for that provider, such as DPF certification and/or standard contractual clauses where applicable. See the full list at /legal/sub-processors.

5. Your rights (GDPR)

  • Access: request a copy of all your data (via app or email).
  • Rectification: update profile information directly in Settings.
  • Erasure ("right to be forgotten"): delete your account and all associated data via Settings → Delete account, or by emailing us. Deletion is hard and irreversible.
  • Portability: export all your digests + metadata as a ZIP from Settings.
  • Object / restrict: contact us; we will stop processing where lawful.
  • Lodge a complaint: with the Garante per la protezione dei dati personali (Italian DPA).

6. Cookies

We use essential cookies only — Supabase Auth session and (during checkout) Stripe Checkout. No advertising cookies. No analytics cookies that require consent. No cookie banner needed under the e-Privacy Directive's "strictly necessary" exemption.

7. Lawful basis

Processing is based on Article 6.1.b GDPR (necessary for performance of the contract you entered when you created an account) and Article 6.1.f (legitimate interest in operational security and fraud prevention).

8. Changes

Material changes are announced by email at least 30 days in advance. Minor edits (typos, clarifications) are posted with an updated date.