PRIVACY_POLICY v1.0

> Last Updated: March 11, 2025

At VaporLink, we are committed to being a transparent and secure bridge for your data. This Privacy Policy outlines how we handle the minimal information required to operate our zero-knowledge, temporary file sharing service.

[ 01_DATA_COLLECTION ]

VaporLink is designed with "Privacy by Design" principles. We collect the absolute minimum data needed to facilitate secure file transfers:

• Temporal Storage IDs: Randomly generated unique identifiers to link files to access tokens.
• File Metadata: We record the filename, file size, and MIME type to display correct download information to recipients.
• Expiration Timestamps: Used to trigger the automatic 24-hour vaporization protocol.

[ 02_DATA_PROCESSING_&_SUBPROCESSORS ]

To maintain high availability and security, we utilize industry-leading sub-processors. These entities only process data according to our strict instructions:

• Clerk: Handles user authentication, session management, and profile security for registered users.
• Convex: Provides our backend infrastructure and real-time database where metadata is stored before vaporization.
• Vercel: Hosts our frontend and provides edge analytics and CDN services for global file delivery.

[ 03_FILE_VAPORIZATION_PROTOCOL ]

All uploaded files are governed by a strict **24-hour TTL (Time-To-Live)**. - Exactly 24 hours after the upload is completed, the link is deactivated. - The underlying file blocks are purged from our edge storage nodes. - Metadata is removed from our database.**Note:** We do not maintain any backups, "version history," or shadow copies of expired data.

[ 04_COOKIES_&_IDENTIFIERS ]

We use strictly necessary cookies to maintain secure sessions. We do not use tracking pixels, marketing cookies, or fingerprinting technologies to build user profiles for advertisers. Your privacy is not for sale.

[ 05_GDPR_&_USER_RIGHTS ]

Although our data retention is naturally limited by the 24-hour rule, we respect all international privacy standards (GDPR, CCPA). You have the right to request the immediate erasure of any data associated with your account through your Dashboard.