OrderFiles
LoginGet Started

Privacy Policy

Last updated: January 27, 2025

The privacy of your data — and it is your data, not ours! — is a big deal to us. In this policy, we lay out: what data we collect and why; how your data is handled; and your rights to your data. We promise we never sell your data: never have, never will.

This policy applies to OrderFiles, operated by Far Horizons OÜ.

What we collect and why

Our guiding principle is to collect only what we need. Here's what that means in practice:

Identity & access

When you sign up for OrderFiles, we ask for identifying information such as your name and email address. That's just so you can personalize your new account, and we can send you invoices, updates, or other essential information. We'll never sell your personal info to third parties, and we won't use your name or company in marketing statements without your permission either.

Billing information

When you pay for OrderFiles, we ask for your credit card and billing address. That's so we can charge you for service, calculate taxes due, and send you invoices. Your credit card is passed directly to our payment processor (Stripe) and doesn't ever go through our servers. We store a record of the payment transaction, including the last 4 digits of the credit card number and billing address, for account history, invoicing, and billing support.

Your uploaded files

OrderFiles stores the digital files you upload for delivery to your customers. These files are stored securely on Amazon S3 and are only accessible via the download links you generate. We do not access, view, or analyze the contents of your uploaded files unless required to investigate abuse or comply with legal obligations.

Your customers' information

When your customers access download links, we collect their Etsy order ID or email address (as provided by you or them) to verify their purchase. We also log their IP address and download activity for security purposes. We do not use this information for marketing or share it with third parties except as required for the service to function.

Geolocation data

We log all access to all accounts by full IP address so that we can always verify no unauthorized access has happened. We keep this login data for as long as your product account is active.

Website interactions

When you browse our marketing pages or application, your browser automatically shares certain information such as which operating system and browser version you are using. We track that information, along with the pages you are visiting, for statistical purposes like conversion rates. These web analytics data are tied to your IP address temporarily.

Cookies

We do use persistent first-party cookies to store certain preferences, make it easier for you to use our application, and support authentication. A cookie is a piece of text stored by your browser to help it remember your login information, site preferences, and more. You can adjust cookie retention settings in your own browser.

Voluntary correspondence

When you write to us with a question or to ask for help, we keep that correspondence, including the email address, so that we have a history of past correspondences to reference if you reach out in the future.

Information we do not collect

We don't collect any characteristics of protected classifications including age, race, gender, religion, sexual orientation, gender identity, gender expression, or physical and mental abilities or disabilities. We also do not collect any biometric data.

When we access or share your information

Our default practice is to not access your information. The only times we'll ever access or share your info are:

  • To provide products or services you've requested. We use third-party services to run our application (see list below). No Far Horizons human looks at your data for these purposes unless you specifically request support.
  • To help you troubleshoot or squash a software bug, with your permission. If at any point we need to access your account to help you with a Support case, we will ask for your consent before proceeding.
  • To investigate, prevent, or take action regarding abuse. Accessing a customer's account when investigating potential abuse is a measure of last resort.
  • When required under applicable law. If the appropriate law enforcement authorities have the necessary warrant, criminal subpoena, or court order requiring we share data, we have to comply. Otherwise, we flat-out reject requests from local and federal law enforcement when they seek data. And unless we're legally prevented from it, we'll always inform you when such requests are made.

Third-party services we use

We use the following third-party services to operate OrderFiles:

  • Clerk — Authentication and user management
  • Stripe — Payment processing
  • Amazon Web Services (S3) — File storage
  • Neon — Database hosting (PostgreSQL)
  • Vercel — Application hosting
  • Sentry — Error tracking
  • Mailgun — Transactional email

Location of Site and Data

Our products and other web properties are operated primarily in the European Union and the United States. Your data may be processed in either location. If you are located outside of these regions, please be aware that any information you provide to us may be transferred to these locations. By using our Service and providing us with your information, you consent to this transfer.

Your Rights With Respect to Your Information

At Far Horizons OÜ, we apply the same data rights to all customers, regardless of their location. We recognize all rights granted under GDPR and CCPA, including:

  • Right to Know. You have the right to know what personal information is collected, used, shared or sold.
  • Right of Access. You have the right to access the personal information we gather about you.
  • Right to Correction. You have the right to request correction of your personal information.
  • Right to Erasure / "To be Forgotten". You have the right to request that your personal information be erased from our possession.
  • Right to Restrict Processing. You have the right to request restriction of how and why your personal information is used or processed.
  • Right to Portability. You have the right to receive the personal information we have about you and the right to transmit it to another party.
  • Right to Non-Discrimination. We do not and will not charge you a different amount to use our products or give you a lower level of customer service because you have exercised your data privacy rights.

To exercise any of these rights, please contact us at privacy@farhorizons.io.

How we secure your data

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted. We use industry-standard security practices to protect your data at rest and in transit.

When you delete data in your account

When you delete files or data in OrderFiles, they are removed from our active systems within 30 days. They may persist in backups for up to an additional 30 days. In total, when you delete things, they are purged within 60 days from all of our systems.

When you cancel your account, all your data (including uploaded files) is deleted within 60 days.

Changes & questions

We may update this policy as needed to comply with relevant regulations and reflect any new practices. You can view a history of the changes to our policies on Github.

Have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information? Please get in touch by emailing us at privacy@farhorizons.io and we'll be happy to answer them!

Far Horizons OÜ policies are open source, licensed under CC BY 4.0. Adapted from the Basecamp open-source policies / CC BY 4.0.