Privacy Policy

Last Updated: April 2026

                🇨🇦 Canadian Privacy Commitment: FileWalla Controlled Delivery is a Canadian company committed to protecting your privacy while maintaining legal compliance with Canadian law. We use server-side encryption to balance security with our responsibility to prevent criminal abuse.            

1. Information We Collect

We collect the following information:

Account Information: Email address, username, password (Bcrypt hashed), group number
Payment Information: Processed securely by Stripe (we do not store credit card details)
File Data: Files you upload (encrypted with AES-256-CBC), filenames, file sizes, upload timestamps
Usage Data: Login history, IP addresses, browser information, audit logs
Messages: Encrypted messages you send within groups

2. How We Use Your Information

We use your data to:

Provide secure file sharing and group collaboration services
Process payments and manage subscriptions
Send account notifications and service updates
Maintain platform security and prevent abuse
Comply with legal obligations and law enforcement requests
Scan files for illegal content (CSAM, pirated material, etc.)

3. Server-Side Encryption & Access

                Important: FileWalla uses server-side encryption (NOT end-to-end encryption). This means:                Your files are encrypted and protected from unauthorized access
Our administrators CAN access files when legally required
We scan files for illegal content to protect our platform and comply with law
We cooperate with law enforcement investigations when legally required

            

4. Data Sharing & Disclosure

We may share your information:

With Law Enforcement: When legally required by court order or to report illegal content
With Authorities: To report CSAM to NCMEC, Cybertip.ca, and Canadian law enforcement
With Service Providers: Stripe (payments), email providers, hosting providers
Never Sold: We NEVER sell your data to third parties

5. Data Retention & Deletion

Files are automatically deleted after 14 days (Advanced) or 30 days (Premium+)
Messages are automatically deleted after the same retention period
Account data is retained while your subscription is active
Audit logs may be retained for legal compliance purposes
You can request account deletion at any time via support@filewalla.ca

6. Security Measures

We protect your data with:

AES-256-CBC encryption for files and messages
Bcrypt password hashing
Two-Factor Authentication (Google Authenticator)
Brute force protection and IP lockout
SQL injection prevention
Secure session management
Comprehensive audit logging

7. Your Rights

You have the right to:

Access your personal data
Request data correction or deletion
Export your files before they expire
Cancel your subscription at any time
Opt-out of marketing emails (service emails are required)

8. HIPAA Compliance

FileWalla meets HIPAA compliance standards for healthcare organizations. We sign Business Associate Agreements (BAA) with healthcare customers upon request.

9. Cookies & Tracking

FileWalla uses cookies to provide essential platform functionality. We are committed to transparency about how cookies are used on our platform.

We use the following types of cookies:

Session Cookies (Essential): Required for login authentication and maintaining your secure session. These expire when you close your browser or log out.
Language Preference Cookie (Functional): Remembers your chosen language (English, Spanish, French, or Portuguese) so you don't have to select it every visit.
Google Analytics (Analytics): We use Google Analytics (GA4) to understand how visitors use our website, including page views, session duration, and general geographic region. This data is aggregated and does not personally identify you.

We do NOT use advertising cookies, social media tracking cookies, or any third-party cookies that track you across other websites.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in. Disabling analytics cookies will not affect your use of the platform.

10. GDPR & International Privacy Rights

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with comprehensive data protection laws, you have additional rights regarding your personal data:

Right of Access: You can view and download your personal data directly from your account profile page at any time
Right to Rectification: You can update your personal information directly from your account profile page
Right to Erasure: You can delete your own files and messages from your account. For full account deletion, please contact us via our contact form with the subject "Privacy"
Right to Restrict Processing: To request restrictions on how we use your data, please contact us via our contact form with the subject "Privacy"
Right to Data Portability: You can download your files directly from your account before they expire
Right to Object: To object to specific data processing, please contact us via our contact form with the subject "Privacy"
Right to Withdraw Consent: You can cancel your subscription, opt out of marketing emails, or close your account at any time. For other consent-related requests, please contact us via our contact form with the subject "Privacy"

🇨🇦 Canadian Law (PIPEDA): As a Canadian company, FileWalla complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA provides similar protections to GDPR, including the right to access, correct, and challenge the handling of your personal information. To exercise any of these rights, please contact us via our contact form with the subject "Privacy".

11. Changes to Privacy Policy

We may update this Privacy Policy periodically. Continued use of the service after changes constitutes acceptance. We will notify registered users of significant changes via email.

Contact Us

For privacy questions, GDPR requests, or data inquiries, please contact us via our contact form with the subject "Privacy".