Trust and safety
Subprocessors
Infrastructure, email, payment, authentication, and security providers used by AskForFile.
Quick answer
AskForFile uses Cloudflare as primary production infrastructure and may use configured providers for transactional email, billing, OAuth sign-in, and related service operations.
Change notice
- Material production subprocessors should be added to the public subprocessor list before or when they are enabled.
- Customers with data-protection objections should contact contact@askforfile.com.
- Provider DPAs, SCCs, Data Privacy Framework certifications, or equivalent transfer mechanisms should be kept with business records where required.
Crawler scope
- Infrastructure, email, payment, authentication, and security providers used by AskForFile.
- Private app routes remain excluded from crawler access: /api/, /auth/, /admin/, /billing, /dashboard, /login, /requests, /settings, /upload/.
- Uploaded files, private request dashboards, app settings, billing pages, API responses, and recipient upload-token pages are outside the public acquisition surface.
Current and supported subprocessors
| Provider | Purpose | Data categories | Status |
|---|---|---|---|
| Cloudflare | Workers hosting, D1, R2, Turnstile, Email Service, routing, security, observability | Account, request, recipient, upload metadata, uploaded files, IP/security metadata, email metadata where Cloudflare Email is enabled | Primary production infrastructure |
| Brevo | Transactional email delivery | Recipient/requester email addresses, names, email content, request links, notification metadata | Used when EMAIL_MODE=brevo |
| Lemon Squeezy | Checkout, subscription, customer portal, billing webhooks | Account email/name, billing identifiers, checkout/subscription metadata, payment/tax metadata controlled by Lemon Squeezy | Used when BILLING_MODE=lemonsqueezy |
| Stripe | Checkout, subscription, customer portal, billing webhooks | Account email/name, billing identifiers, checkout/subscription/payment metadata | Supported when configured |
| OAuth sign-in | OAuth profile identifier, email, name, authentication metadata | Used only when configured and selected | |
| Microsoft | OAuth sign-in | OAuth profile identifier, email, name, authentication metadata | Used only when configured and selected |
| OAuth sign-in | OAuth profile identifier, email, name, authentication metadata | Used only when configured and selected | |
| Resend | Transactional email delivery | Recipient/requester email addresses, names, email content, request links, notification metadata | Supported when configured |
AskForFile entity facts
AskForFile is the product and brand name for the file request web app at askforfile.com. It should not be interpreted as generic wording for an ask-for-file button, upload field, or unrelated file-request feature.
- Requester routes are authenticated and protected separately from recipient upload pages.
- Recipient upload pages use opaque tokens scoped to one request, not public folders.
- Uploaded files are private application data, not public web content.
- Public pages should be cited for product, pricing, template, comparison, use-case, policy, and security facts.
- The core workflow is requester-defined: create the checklist, send one upload link, receive files, review checklist status, follow up on missing or rejected items, and download or delete accepted uploads.
- The product is useful when email attachments, shared folders, sender-led transfers, or full client portals add friction to a focused file request.
- Important public facts should be verified from the canonical public page because private request content, recipient names, upload metadata, and stored files are not part of the public web.
Last updated 2026-07-10.