OSDriveOSDrive
Dashboard

Legal

Privacy Policy

Last updated April 10, 2025

Information we collect

  • Account information. When you create an account we collect your email address and, if you choose to provide it, your name. Passwords are hashed using bcrypt before storage — we never store them in plain text.
  • Usage data. We log the API calls your client makes (method, timestamp, response code) so we can debug issues and monitor reliability. We do not log the names or contents of your files.
  • Device metadata. The desktop client sends your OS version and app version on first launch and on update. This lets us drop support for end-of-life platforms safely.
  • Billing information. Payments are processed by Stripe. We store only the Stripe customer ID and your subscription status — no card numbers ever touch our servers.

How we use your information

  • To provide, maintain, and improve OSDrive.
  • To send transactional emails — account confirmation, password reset, subscription receipts. We do not send marketing email without your explicit opt-in.
  • To detect and prevent abuse, fraud, and security incidents.
  • To comply with legal obligations.

Data storage and security

  • Your file data is stored encrypted at rest (AES-256) in the region you select at drive creation time. In-transit data is protected by TLS 1.3.
  • Access to production systems is restricted to a small number of engineers, requires MFA, and is logged. We conduct periodic access reviews.
  • We retain account data for as long as your account is active, plus 90 days after deletion to allow recovery. Anonymised aggregate metrics are retained indefinitely.

Third parties

  • Stripe — payment processing. Stripe's privacy policy governs data they collect during checkout.
  • Cloudflare — CDN, DNS, and DDoS mitigation. Traffic passes through Cloudflare's network.
  • Resend — transactional email delivery.
  • We do not sell your personal data to any third party, ever.

Your rights

  • You may request a copy of the personal data we hold about you, ask us to correct inaccuracies, or ask us to delete your account and associated data. To exercise any of these rights, email us at oscar@osdrive.app.
  • If you are in the EEA, UK, or Switzerland, you have additional rights under GDPR and equivalent legislation, including the right to lodge a complaint with your local supervisory authority.

Cookies

  • The web dashboard uses a single session cookie to keep you logged in. We do not use third-party tracking cookies or analytics SDKs. There is no cookie banner because there is nothing to consent to beyond the strictly necessary session cookie.

Changes to this policy

  • We will post changes to this page and update the date at the top. For material changes we will notify you by email at least 30 days before they take effect.

Contact

  • Questions or requests: oscar@osdrive.app. We aim to respond within five business days.