Privacy Policy
Last updated: February 16, 2026
Introduction
We, DGR Inc., operate the DGR file protection platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
Information We Collect
Account Information
- Email address (required for account creation)
- Password (hashed with bcrypt)
- Subscription tier and payment information (processed by Stripe)
File Data
- Files you upload (encrypted with AES-256-GCM)
- File metadata (name, size, type, creation date)
- Protection settings (max copies, decay rate, watermark text)
- Per-file encryption keys (stored securely, separate from files)
Usage Data
- Access logs (timestamp, IP address, user agent, download type)
- API usage (endpoints called, response times)
- Storage and bandwidth usage
How We Use Your Information
- Provide the Service: Encrypt, store, and serve your files with protection applied
- Authentication: Verify your identity and authorize access
- Billing: Process payments and manage subscriptions via Stripe
- Access Control: Log download events and apply degradation to unauthorized copies
- Analytics: Monitor system performance and usage patterns
- Security: Detect and prevent abuse, fraud, and unauthorized access
- Support: Respond to your questions and troubleshoot issues
Data Security
- Encryption at Rest: All uploaded files are encrypted with AES-256-GCM using unique per-file keys
- Encryption in Transit: All data transmission uses TLS 1.3
- Password Security: Passwords are hashed using bcrypt with 12 rounds
- Key Management: Encryption keys are stored separately from encrypted data
- Access Control: JWT-based authentication with 30-day expiration
- Infrastructure: Hosted on Railway with SOC 2 Type II certified infrastructure
Data Sharing and Disclosure
We do not sell, trade, or rent your personal information. We may share data only in these circumstances:
- Service Providers: Stripe for payment processing, Railway for hosting
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In case of merger, acquisition, or sale of assets
- With Your Consent: When you explicitly authorize sharing
Your Rights
- Access: Request a copy of your data
- Correction: Update incorrect or incomplete data
- Deletion: Delete your account and all associated data
- Export: Download your files and metadata
- Opt-Out: Unsubscribe from marketing emails
- Portability: Transfer your data to another service
Data Retention
- Active Accounts: Data retained while your account is active
- Deleted Accounts: Files and personal data deleted within 30 days
- Access Logs: Retained for 90 days for security and debugging
- Billing Records: Retained for 7 years per tax regulations
Cookies and Tracking
We use minimal cookies:
- Authentication: JWT tokens stored in localStorage
- Analytics: Basic usage analytics (no third-party trackers)
- Preferences: UI settings and language preferences
We do not use advertising cookies or share data with ad networks.
Children's Privacy
Our service is not directed to individuals under 18. We do not knowingly collect personal information from children.
International Transfers
Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place through Standard Contractual Clauses and adherence to data protection frameworks.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the service. Continued use after changes constitutes acceptance of the updated policy.