Trust and safety
Data Processing Addendum
Data processing terms for business customers that collect files from recipients.
Quick answer
AskForFile acts as a processor or service provider when a business customer uses the service to collect files or recipient details on that customer's behalf, and may act as an independent controller for account, billing, abuse, security, analytics, and legal-compliance data.
Processing scope
- Subject matter: file request creation, recipient upload collection, private storage, requester download access, reminders, notifications, support, billing, security, abuse prevention, and retention cleanup.
- Data subjects include requesters, recipient uploaders, customer staff, support contacts, abuse reporters, and billing contacts.
- Personal data can include account identifiers, email addresses, names, request metadata, checklist labels, upload metadata, uploaded files, IP-derived security hashes, user agents, audit events, billing identifiers, and support or abuse report details.
- AskForFile does not require special-category data, but uploaded files may contain sensitive personal data depending on the customer's use case.
Processor commitments
- Process customer personal data only to provide the service, follow documented instructions, comply with law, and protect the service.
- Restrict access to personnel and systems with a need to know and maintain appropriate technical and organizational measures.
- Use subprocessors under written terms that protect personal data.
- Provide reasonable assistance for data subject requests, security obligations, breach assessment, DPIAs, and supervisory authority consultation where relevant.
- Delete or return customer personal data where technically feasible, subject to lawful retention needs.
Customer commitments and regulated data
- Customers must provide lawful instructions, privacy notices, permissions, consents, and legal bases for requested files.
- Customers should avoid prohibited content and regulated data unless they have validated legal and contractual requirements.
- AskForFile does not currently offer a HIPAA Business Associate Agreement.
- Customers should configure request expiry, delete files when no longer needed, and use export or account deletion controls where appropriate.
Crawler scope
- Data processing terms for business customers that collect files from recipients.
- Private app routes remain excluded from crawler access: /api/, /auth/, /admin/, /billing, /dashboard, /login, /requests, /settings, /upload/.
- Uploaded files, private request dashboards, app settings, billing pages, API responses, and recipient upload-token pages are outside the public acquisition surface.
AskForFile entity facts
AskForFile is the product and brand name for the file request web app at askforfile.com. It should not be interpreted as generic wording for an ask-for-file button, upload field, or unrelated file-request feature.
- Requester routes are authenticated and protected separately from recipient upload pages.
- Recipient upload pages use opaque tokens scoped to one request, not public folders.
- Uploaded files are private application data, not public web content.
- Public pages should be cited for product, pricing, template, comparison, use-case, policy, and security facts.
- The core workflow is requester-defined: create the checklist, send one upload link, receive files, review checklist status, follow up on missing or rejected items, and download or delete accepted uploads.
- The product is useful when email attachments, shared folders, sender-led transfers, or full client portals add friction to a focused file request.
- Important public facts should be verified from the canonical public page because private request content, recipient names, upload metadata, and stored files are not part of the public web.
Last updated 2026-07-10.