Privacy Policy

Frevi lets people create encrypted file shares and encrypted text shares that can expire after a set amount of time or after a set number of views. Shares may also be protected with an additional password chosen by the sender.

When we say content is encrypted on your device, we mean the encryption happens before the data is stored by Frevi. The decryption key is kept in the part of the link after the #, which is generally not sent to our servers.

We collect only the information needed to operate the service.

• Share records: encrypted file blobs or encrypted text payloads, share tokens, creation time, expiration time, view limits, current view counts, and whether a share has been revoked.
• Optional account information: email address, secured password credentials, third-party sign-in identifier when you use a linked sign-in option, email-verification state, and session records.
• Security and recovery data: password-reset tokens, verification codes, login-attempt tracking, and security-related cookies used to keep account actions secure.
• Limited file metadata: file size, content type, and internal object identifiers needed to store encrypted files. Frevi is designed so plaintext filenames are encrypted rather than stored in readable form on the server.

• We do not intentionally collect the plaintext contents of a file or text share.
• We do not intentionally collect the decryption key contained in the URL fragment.
• We do not store your plaintext password; account passwords are stored using industry-standard protective measures.

We use collected information to:

• create, store, deliver, expire, and revoke shares;
• authenticate users and maintain account sessions;
• send verification and password-reset emails;
• enforce share limits, rate limits, and abuse protections; and
• debug, secure, and improve the reliability of the service.

Frevi uses cookies that are necessary to operate authentication and security flows. These include session cookies, request-security cookies, and short-lived cookies used during sign-in flows. If you block these cookies, account-related features may not work correctly.

This policy covers the current application as implemented today. If we add analytics, marketing cookies, or other non-essential tracking later, we will update this page.

Frevi is designed for temporary sharing. Share records are created with an expiration time and may also stop working after their allowed view count is reached or after the owner revokes them.

Some expired or revoked records, security logs, and account records may remain in infrastructure backups, storage systems, or deletion queues for a limited period before they are fully removed.

Frevi uses third-party infrastructure providers for application hosting, storage, databases, and email delivery. Your information may be processed and stored in regions where those providers operate the resources used by Frevi.

We do not sell your personal information. We may share information only when needed to:

• run the service through infrastructure providers such as hosting, storage, and email vendors;
• comply with legal obligations or valid lawful requests; or
• protect Frevi, its users, or the public from fraud, abuse, or security threats.

• You can use Frevi without creating an account for basic sharing.
• If you have an account, you can sign in to review active shares and revoke shares you own.
• You can choose to add an extra password to a share before sending it to someone.

Frevi is not directed to children. Please do not use the service if you are not old enough to consent to online services in your jurisdiction.

We may update this Privacy Policy as Frevi evolves. When we do, we will post the new version here and update the last-updated date at the top of this page.