Privacy Policy

GTransfer (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use our Service, how we use it, and the choices you have. By using GTransfer, you agree to the collection and use of information in accordance with this policy.

GTransfer is an independent third-party tool. We are not affiliated with Google LLC or any other service provider we integrate with.

2.1 Account Information

When you sign in via Google OAuth, we receive your name, email address, and profile picture from Google. This information is stored in our database to identify your account and personalise your experience.

2.2 OAuth Access Tokens

To perform transfers on your behalf, we store encrypted OAuth access tokens and refresh tokens for each Google account you connect. These tokens allow us to access your Gmail and Google Drive only when you initiate a transfer. Tokens are stored encrypted at rest and are never transmitted in plain text.

2.3 Transfer Logs

We store metadata about transfers you run — such as the number of files transferred, file sizes, timestamps, and success/error status. We do not store the contents of your emails, files, or attachments.

2.4 Payment Information

Payments are processed by Stripe. We do not collect or store your credit card number or banking details. We receive from Stripe a confirmation of payment, the plan purchased, and the transaction amount — which we store for record-keeping.

2.5 Usage Data

We may collect standard server logs including your IP address, browser type, pages visited, and timestamps. This data is used to maintain and improve the Service and is not linked to your personal identity.

We use the information we collect to:

• Authenticate you and manage your account
• Execute the file and email transfers you initiate
• Process and record payments
• Send transactional emails (e.g. purchase confirmation)
• Detect and prevent fraud or abuse
• Improve the reliability and performance of the Service
• Respond to your support requests

We will not use your data for advertising, sell it to third parties, or use it for any purpose beyond operating and improving the Service.

GTransfer's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

In particular:

• We only access Google data that is necessary to perform the transfer you request
• We do not use Google user data to develop, improve, or train AI or ML models
• We do not allow humans to read your Google data unless you have given explicit permission or we are required to do so by law
• We do not transfer your Google data to third parties except as necessary to provide the Service (e.g. uploading to Mega.nz or Drime at your request)

We do not sell or rent your personal data. We may share limited data with:

• Supabase — our database and authentication provider. Data is stored in encrypted form on their infrastructure.
• Stripe — for payment processing. Stripe has its own privacy policy and is PCI-DSS compliant.
• Resend — for sending transactional emails. Only your email address and name are shared for this purpose.
• Mega.nz / Drime — only when you explicitly request a transfer to these services. Your credentials for these services are stored encrypted and used solely to perform the transfer.

We may also disclose your information if required by law, regulation, court order, or governmental authority.

We retain your account information and transfer logs for as long as your account is active. OAuth access tokens are stored until you disconnect the linked account or revoke access via Google.

You may request deletion of your account and all associated data at any time by contacting support@gtransfer.app. We will process deletion requests within 30 days.

GTransfer uses strictly necessary cookies to maintain your authenticated session. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required for essential session cookies under applicable law.

We take data security seriously. All data is transmitted over HTTPS (TLS). OAuth tokens and third-party credentials are encrypted at rest in our database. Access to our database is restricted to authorised personnel only.

Despite these measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security and encourage you to use strong, unique passwords and review your Google account's connected apps regularly.

Depending on your jurisdiction, you may have rights regarding your personal data, including the right to access, correct, or delete your data, and the right to object to or restrict certain processing.

You can revoke GTransfer's access to your Google accounts at any time by visiting myaccount.google.com/permissions and removing GTransfer from the list of connected apps.

To exercise any other rights, contact us at support@gtransfer.app.

GTransfer is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: support@gtransfer.app