Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”), is the European privacy legislation that took effect on May 25, 2018. It replaced the former EU member state laws that implement the EU Data Protection Directive, which has been in existence since 1995.

GDPR & Filecamp

Our users’ privacy and individual rights are very important to us. Filecamp meets all the GDPR data security requirements.

Information we store on our customers

All existing and future employees responsible for software development, design, and infrastructure maintenance of Filecamp AG are aware of the GDPR requirements.

When a user registers and opts-in, he/she needs to fill out their: Email, First name, Last name. We also collect information such as IP address (to determine the country of origin), billing information, and VAT details (if required).

Information we store on our customers' users

We may collect and store information from your end-users (subscribers) regarding their use of your Filecamp site. Information such as pages visited, links clicked, non-sensitive text entered, mouse movements, as well as information more commonly collected, such as his/her IP address, referring URL, browser, operating system, cookie information, device, and any other information from the visitor regarding his/her use of your Filecamp.

If you invite new users to your Filecamp site, we store first name, last name, and email address (username) as provided by the user. This information is used to give your users access to your Filecamp. Your Filecamp administrators can choose to delete and edit this information manually.

You can easily control which users are allowed to view, share, and download files from your Filecamp.

It is important to mention that: Filecamp does NOT share your users’ information with 3rd party tools unless you consent and integrate it from your side. Also, Filecamp DON’T uses this data for advertising, analytics or any other revenue model.

Individual rights

The right to be informed: we inform our users about the use that will be made of their data. The right of access: our users (Administrators) can access all their data from their Filecamp. The right of rectification: our users can update their information anytime they need through their profile page or from the Users control panel. The right of erasure: Our users can request to delete their account and all the information related to it by emailing us at
The right to restrict processing: We have processes in place to ensure that we respond to a request for restriction without undue delay and within one week of receipt. We have appropriate methods in place to indicate and restrict the processing of personal data on our systems. The right to data portability: Our users may contact us anytime if they wish to get an export of their data. In most cases, our users can download their data themselves directly from their Filecamp. We have processes in place to ensure that we respond to a request for data portability without undue delay and within one week of receipt.

Data Processing Agreement (DPA)

You are always welcome to contact and ask for our DPA (Data Processing Agreement). You can email it to us once you signed it, then we'll sign it and send it back to you.

3rd parties tools and services we use

We use platforms and tools like Google Cloud Platform, Zendesk, Stripe, and MailChimp.

We will add more platforms in the future.

Data Breaches

A personal data breach refers to a violation of security that can lead to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

We thrive on keeping our users’ information safe and reporting certain types of data breaches to the relevant supervisory authority within 72 hours. We also understand we must inform affected individuals without undue delay.

We take our users’ data, business information, and system security very seriously. These are a few implemented procedures and methods that we carry:

  • We use 2-Factor-Authentication on our sensitive accounts (e.g., hosting provider, etc.)
  • Access to our server systems is allowed only from specific IP addresses
  • We have systems in place to continually monitor server activities.