Product
Transfer Files Speed test Leaderboard
Developers
API Integrations
Pricing
Company
Features Security About Contact
Log in Sign up
Legal

GDPR & Data Protection

Last updated: January 15, 2026

Trinsfer was built in the EU and is fully compliant with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679). This page summarises your rights and explains how to exercise them.

On this page

  1. 1. Data controller
  2. 2. Legal bases for processing
  3. 3. Your rights
  4. 4. International transfers
  5. 5. Sub-processors
  6. 6. Data Protection Impact Assessment (DPIA)
  7. 7. Data breach notification
  8. 8. How to exercise your rights
  9. 9. Data Protection Officer

1. Data controller

Trinsfer Labs is the data controller for all personal data processed through trinsfer.com. Contact: privacy@trinsfer.com.

2. Legal bases for processing

We rely on the following legal bases under Article 6 GDPR:

  • Contractual necessity (6.1.b) — to provide accounts, store transfers and process payments.
  • Legal obligation (6.1.c) — to keep invoicing records and respond to court orders.
  • Legitimate interest (6.1.f) — to secure the service against abuse, fraud and DDoS attacks. We have balanced this interest against your rights and freedoms.
  • Consent (6.1.a) — for non-essential communications such as product newsletters; you can opt out at any time from your dashboard.

3. Your rights

You have the following rights regarding your personal data:

  1. Right of access — request a copy of all data we hold about you.
  2. Right to rectification — fix inaccurate or incomplete data.
  3. Right to erasure ("right to be forgotten") — delete your account and associated personal data. You can do this yourself from Dashboard → Settings → Delete account, or email us.
  4. Right to restriction — temporarily pause processing while a dispute is resolved.
  5. Right to data portability — receive your data in a structured, machine-readable format (JSON export).
  6. Right to object — to processing based on legitimate interest or for direct marketing.
  7. Right not to be subject to automated decisions — Trinsfer does not perform automated decision-making with legal effects on users.
  8. Right to lodge a complaint — with the data-protection authority of your EU country of residence.

4. International transfers

Some of our sub-processors (e.g., Cloudflare, PayPal) operate outside the EEA. When personal data leaves the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs, Decision 2021/914) and, where applicable, supplementary measures such as encryption in transit.

5. Sub-processors

The current list of sub-processors is published on our Privacy Policy. We will notify registered users 30 days before any material change.

6. Data Protection Impact Assessment (DPIA)

We maintain an internal DPIA covering the high-risk processing activities of Trinsfer (notably large-scale file hosting). The DPIA is available on request for data-protection authorities, auditors and Enterprise customers under NDA.

7. Data breach notification

If a data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where the risk is high, inform affected users directly, in accordance with Articles 33-34 GDPR.

8. How to exercise your rights

Email privacy@trinsfer.com from the address registered on your account. We respond within 30 days, free of charge, except in case of manifestly unfounded or excessive requests, where we may charge a reasonable fee or refuse to act, in line with Article 12(5) GDPR.

9. Data Protection Officer

Although Trinsfer is not required by law to appoint a DPO, we have a Data Protection Lead reachable at dpo@trinsfer.com for any inquiry.

Questions about this document? Email us at legal@trinsfer.com.