Privacy policy

Last updated: April 18, 2026

This describes how the Privacy Media Host web application is designed to treat your information. If you deploy it yourself, your organization is the data controller; adapt this page as needed.

Summary

  • Media is encrypted in your browser before upload. The server stores ciphertext, not the original file.
  • Access uses a short id in the URL path and a high-entropy token in the URL fragment (not sent to the server when you load a normal page). Optional passphrases add another layer.
  • Uploaded objects are intended to be deleted automatically after about 24 hours (plus whatever your operator configures).

What you send to the service

When you upload, the Worker receives JSON metadata needed to store and retrieve the ciphertext (for example content type, size, cryptographic nonces and digests, and whether a passphrase was used). If you do not use a passphrase, the decryption key may be carried in the link fragment; fragments stay in the browser unless something in your environment sends them elsewhere.

What the server can see

The hosting platform can observe typical web traffic: TLS metadata, IP addresses, request paths, and API payloads your browser sends. The application is built so the share URL fragment (after #) is not sent to the server as part of a standard navigation request, but operators may still see it in logs if a client, extension, or misconfigured referrer policy exposes it.

Cookies and accounts

This template does not require user accounts for uploads. It does not ship third-party analytics. Any cookies or storage would come from your host, CDN, or changes you make.

Retention

Objects and metadata are scoped to a short lifetime. Cron or lifecycle rules on your bucket should enforce deletion; stale rows should be removed by the Worker’s cleanup job. Verify retention in your own deployment.

Children’s privacy

This service is not directed at children and is not intended to collect personal information from them.

Changes

Operators may update this policy when they change how the site is run. Check the “Last updated” date when reviewing.

← Back to home