DumpBin

Privacy Policy

Last updated: May 20, 2024

Controller: DumpBin / Wooli Oy, located in Helsinki, Finland.

Contact: Please use our Support Form for all inquiries.

Introduction

DumpBin is a minimalist temporary file and text sharing service: Dump. Share. Disappear. We are committed to protecting privacy and minimizing data processing. This Privacy Policy explains what personal data (if any) we process, why, how long we store it, your rights under the EU General Data Protection Regulation (GDPR), and our legal bases for processing.

Summary (Quick Highlights)

  • Anonymous use: No names, no emails, no IP addresses, no connection metadata are collected for anonymous (standard) users.
  • Registered users: For Smart and Pro accounts we process email addresses and minimal billing data strictly for authentication and payments.
  • Third-party subprocessors: Firebase (Firestore & Storage), Stripe (payments), and Emailit.com (outgoing transactional emails).
  • No tracking or analytics cookies; only essential cookies for authentication sessions when signed in.
  • All uploaded content is temporary and deleted automatically at expiry.
  • Based in Helsinki, Finland — GDPR applies. We are the data controller for personal data we collect.

1. Data we process and why

A. Anonymous / Standard users (no account)

  • What we do NOT collect: names, email addresses, IP addresses, connection metadata (timestamps, user agents), location data.
  • What we may store: uploaded content (text/files) and a randomly generated, non-identifying dump ID / URL token to provide access to the content.
  • Legal basis: Our legitimate interest in providing the service to users who choose anonymous sharing. No personal data is processed.

B. Registered users (Smart and Pro)

Categories of personal data:

  • Email address (for account creation, authentication, password resets).
  • Account metadata (creation date).
  • Billing details: we do not store full payment card data; Stripe processes payments. We store only Stripe customer references and non-sensitive billing metadata.

Purposes and legal bases: Account management and authentication (contract performance), billing/tax compliance (legal obligation), and support (legitimate interest).

C. Logs, abuse prevention and security

DumpBin does not store IP addresses or connection metadata. We do not retain IPs, connection timestamps, or user-agent strings. Any ephemeral logs used for debugging are anonymized and deleted within 24 hours.

2. Data sharing and subprocessors

We use the following subprocessors:

  • Firebase (Firestore & Storage) — Google Ireland — processes storage and database functions.
  • Stripe — payment processing (Stripe Ireland Ltd.).
  • Emailit.com — transactional emails (account confirmation, receipts).

We have Data Processing Agreements (DPAs) in place with each subprocessor to ensure GDPR-compliant processing. We do not sell personal data.

3. Retention periods

  • Anonymous uploads: content retention is set by the user at creation. Content is permanently deleted upon expiry.
  • Registered user account data: retained for the duration of the account plus a reasonable period for legal or tax obligations (up to 7 years in Finland).
  • Debugging logs: deleted within 24 hours.

4. Your rights under GDPR

As an EU data subject, you have the following rights: access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and the right to object.

To exercise your rights, please contact us via our Support Form. You also have the right to lodge a complaint with the Finnish Office of the Data Protection Ombudsman.