At Borehole, our fundamental architecture is designed around your privacy. This Privacy Policy outlines what limited information we collect, how we use it, and how we protect your data when you use our website and services (the "Service").
1. The Privacy of Your Files (The "Anti-Cloud" Guarantee)
Borehole is a peer-to-peer (P2P) utility. We do not see, store, or monitor the files you transfer.
- Direct P2P Link: When a successful direct connection is made, your data flows straight from your hard drive to the receiver's hard drive. It never touches a Borehole server.
- End-to-End Encryption: All transfers are cryptographically secured and end-to-end encrypted by default browser protocols.
- Backup Cloud Routing: If a strict firewall blocks a direct P2P link, the transfer may route through our third-party fallback service (Cloudflare TURN). This service acts only as a blind relay for encrypted packets to prevent the transfer from failing. It cannot decrypt, cache, or read your files.
2. Information We Collect
While we do not have access to your files, we do collect necessary metadata and account information to keep the Service operational:
- Account Data: If you upgrade to an Operator license, we collect your email address to authenticate your account and manage your subscription.
- Payment Information: All payments are processed securely by our third-party payment provider (Stripe). We do not collect or store your full credit card number on our servers.
- Technical & Connection Data: To negotiate the connection between peers, we temporarily process IP addresses. This is a fundamental requirement of WebRTC routing and network signaling.
3. How We Use Your Information
We use the limited data we collect exclusively to:
- Provide, maintain, and secure the Service.
- Process transactions and send billing notices.
- Respond to your customer support requests.
- Prevent abuse, fraud, and illegal activity on our platform.
4. Third-Party Service Providers
We utilize trusted third-party infrastructure to run Borehole. These providers are bound by strict data processing agreements:
- Firebase: For secure website hosting.
- Railway: For hosting our backend infrastructure and network signaling server.
- Supabase: For user authentication and secure database management.
- Stripe: For payment processing and subscription management.
- Cloudflare: For DNS routing, basic web security, and encrypted TURN relay services.
5. Cookies and Analytics
We use essential cookies strictly to maintain your logged-in session and authenticate your account. We do not currently use analytics services to track website traffic, though we may integrate privacy-respecting analytics in the future. We do not use third-party tracking cookies to sell your data to advertisers.
6. Data Retention and Your Rights
You have full control over your active data. You can permanently delete your account at any time using the deletion button located in your account management dashboard. Initiating this process immediately purges your authentication data from our active database (Supabase).
Please note that for legal, tax, and compliance reasons, our payment processor (Stripe) securely retains your past billing history. Your subscription will simply be marked as canceled within their systems.
7. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: support@borehole.one