Privacy Policy

Last updated: June 3, 2026

Controller

Richard Andresik
Resthofstrasse 52/5
4400 Steyr
Austria
Email: contact@icyzip.com

Purpose of the Service

IcyZip provides browser-based exchange between two paired browser views. It supports text exchange and, where file transfer is enabled, transient pair-only transfer of a selected file between those same two browsers. IcyZip does not provide public file links, file search, shared folders, or offline file pickup.

Processed Data

When the service is accessed and used, technical access data may be processed, especially IP address, time of access, requested paths, user agent, TLS and WebSocket connection data, and pairing identifiers.

For current product browser clients, text entered into the text field is encrypted in the browser before it is sent through the service. The text key is created in the browser and shared through the URL fragment of the QR/open link; URL fragments are not sent to the server during normal page loading. The server relays encrypted text envelopes between the paired browser views and does not need the plaintext live text for normal operation. Connection metadata such as time, IP-derived country where configured, user-agent class, pair activity, and message size may still be processed.

The service is designed for transient transfer. Plaintext live text is not written to a durable content database and is not recorded as content in application logs during normal operation. The browser may keep the current text locally in session storage so a page reload or automatic client refresh can restore the text in that browser tab; this local browser copy is not uploaded as stored server content.

For file transfer, the selected file content is relayed through the WebSocket connection to the paired browser view. The filename, file size, browser-supplied type hint, chunk size, and generated transfer control identifiers may be processed to conduct and validate the transfer. The paired browser can see the file content, filename, size, and type hint where supplied. The server does not intentionally store file content or file metadata durably, and normal application logs do not record file content, filenames, type hints, or transfer identifiers.

When the admin diagnostics route is enabled, IcyZip stores aggregate operational counters for service diagnostics. These statistics may include page request counts, WebSocket connection counts, pairing and disconnect event counts, file-transfer event counts, current active counts, and coarse device, browser, and operating-system buckets. Country is stored only as "unknown" unless a trusted local country source is configured. The admin statistics do not store raw IP addresses, full user-agent strings, pairing identifiers, transfer identifiers, filenames, type hints, text content, or file content.

Legal Bases and Purposes

Processing is carried out to provide the requested transfer, to secure the service technically, to prevent misuse, and to diagnose errors. Depending on the specific use, the legal bases are performance of a requested service, legitimate interests in secure operation, and legal obligations.

Retention

Pairing identifiers may be stored for up to 30 days so paired browser views can resume after temporary connection loss or a server restart. Plaintext live text, file content, filenames, and file metadata are not stored as durable content records by IcyZip. A browser tab may retain its current text in session storage until that tab session ends or the browser clears it. Active file-transfer state is transient and is removed on success, cancel, timeout, peer disconnect, explicit disconnect, pairing expiry, or server restart. IcyZip does not keep an offline file queue. The current first-release file size limit is 25 MiB unless the configuration is changed. Technical server logs are retained for a limited time; the current Apache log rotation may keep up to 14 daily rotations. Longer retention may be necessary in individual cases to investigate faults, attacks, or legal violations.

Aggregate admin diagnostics, where enabled, are retained only in daily and hourly buckets for the configured retention period. The current intended retention for these aggregate statistics is 30 days unless the server configuration is changed.

After a file is received, the recipient browser may hold it as local in-memory data, a temporary object URL, or a downloaded file. These local browser or user-device copies are outside IcyZip's server-side retention.

Recipients

The intended recipient of decrypted live text and file content is the paired browser view selected by the pairing. The service runs on own server infrastructure. Technical infrastructure and network providers may have access to connection data as part of operation. Aggregate admin diagnostics are generated and used on the service infrastructure only. No analytics, advertising, or tracking services are used.

Data Subject Rights

Data subjects have GDPR rights including access, rectification, erasure, restriction, data portability, and objection where the statutory requirements are met.

Complaint

There is a right to lodge a complaint with the Austrian Data Protection Authority.