At SafeSFTP.com, operated by Dane Commercial Services Ltd, we are committed to ensuring the highest levels of data protection, privacy, and transparency in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This document explains how we handle personal data, our obligations under the law, and your rights as a user of our platform.
SafeSFTP.com is a secure cloud-based file transfer platform operated by Dane Commercial Services Ltd, a company registered in England and Wales with company number 16193091. Our registered office address is 61 Bridge Street, Kington, United Kingdom, HR5 3DJ.
As a service provider, we may act as a Data Controller when we collect and manage your personal data such as account details and billing information. We may also act as a Data Processor when you upload personal or third-party data to our platform, in which case we process that data strictly on your behalf and in accordance with our Terms of Service.
You may contact us with any data protection queries at [email protected].
In our role as a Data Controller, we determine the purposes and means of processing your personal data that you provide directly, such as your name, email address, and billing information. This applies when you create an account, communicate with our team, or purchase a subscription.
In our role as a Data Processor, we process data on your behalf when you upload files or transfer data through the SafeSFTP platform. We do not access, modify, or analyse this data unless explicitly required for support, maintenance, or to comply with legal requirements. In these cases, access is strictly limited to authorised personnel under secure conditions.
We process personal data under the UK GDPR based on several lawful grounds. Where it is necessary for the performance of a contract, we process your data to set up your account, provide the SafeSFTP services you have subscribed to, and manage your payments and communications.
Where we are under a legal obligation, we retain records for tax purposes, ensure compliance with applicable UK legislation, and respond to law enforcement or regulatory requests as required.
In certain cases, we rely on our legitimate interests to process personal data for purposes such as service improvement, fraud prevention, securing our infrastructure, and monitoring performance—provided that such interests are not overridden by your rights.
When required by law, such as for marketing or the use of non-essential cookies, we will request your explicit consent before collecting or processing your data. You may withdraw consent at any time.
We only process data that is necessary for the delivery and operation of our services. The personal data we may collect and handle includes the following:
When you register an account, we collect your name, email address, organisation name, and contact details required to create and manage your profile. During subscription setup, we may process billing and payment method details, although these are securely handled by third-party payment processors and not stored by SafeSFTP.
During your use of the platform, we automatically log data such as your IP address, browser type, access timestamps, and file transfer metadata to monitor performance, diagnose issues, and maintain system security.
When you contact our support team via email or Zoho Desk, we collect chat history and support tickets to resolve your requests and improve customer service.
Finally, any data you upload to SafeSFTP—including files and associated metadata—is processed solely to deliver the service. We do not access or analyse this data for other purposes.
All personal and uploaded data is securely stored within data centres located in the United Kingdom, European Union, or European Economic Area (EEA). These data centres are operated by trusted infrastructure providers who comply with relevant data protection and security standards.
We do not transfer your personal data outside these regions unless it is legally required or sufficient safeguards such as Standard Contractual Clauses or adequacy decisions are in place.
We work with a small number of third-party service providers (subprocessors) who help deliver our services. All subprocessors are bound by contract to protect personal data and only process it on our instructions.
Examples include Zoho Desk for support services, UK/EU-based cloud hosting providers for data storage and system operation, and PCI-DSS compliant payment processors for billing. A current list of subprocessors is available on request and is subject to change with notice.
We implement appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of your data. All transfers are encrypted using secure protocols (SFTP/SCP over SSH). Stored files are encrypted at rest using AES-256 encryption.
Our systems automatically scan uploaded files for viruses. Access is controlled using authentication systems, and all administrative access is logged and audited. We perform regular vulnerability assessments and apply updates in line with industry best practices.
We retain personal data only as long as required to deliver the service or meet legal obligations. File data and transfer logs are retained for the duration of the subscription and deleted when no longer needed. Account and billing information may be stored longer for tax and compliance purposes.
When an account is cancelled, personal data is permanently deleted or anonymised within 30 days unless required to be retained by law.
You have the right to access your personal data and receive a copy of it in a readable format. You may also request that we correct inaccuracies, delete data, or restrict how it is processed under certain circumstances.
You may object to processing based on our legitimate interests or direct marketing. You may also request data portability if the processing is based on consent or contract and carried out by automated means.
If processing is based on consent, you have the right to withdraw that consent at any time.
To exercise your rights, contact us at [email protected]. If you are not satisfied with our response, you can contact the UK Information Commissioner’s Office at https://ico.org.uk.
If your organisation processes personal data using SafeSFTP, we offer a Data Processing Agreement (DPA) in accordance with Article 28 of UK GDPR. This document outlines our responsibilities and restrictions as a Data Processor.
Please email us to request a copy of the DPA for your organisation.
If we become aware of a data breach that poses a risk to your rights and freedoms, we will notify you promptly and in accordance with legal obligations. Our notification will include the nature of the breach, affected data types, mitigation steps, and recommended user actions.
We maintain a formal incident response plan and investigate all reported incidents thoroughly.
We use cookies to manage user sessions, support analytics, and provide secure customer support via Zoho Desk. Essential cookies are used without consent as they are necessary for the operation of the platform. We will request your consent for non-essential cookies (such as tracking or marketing) where legally required.
You may change your cookie preferences at any time through your browser settings or in our platform's cookie settings interface.
Further information is available in our Privacy Policy.
This GDPR Compliance Policy may be updated periodically to reflect changes in the law, our services, or industry standards. The most current version will be available at http://www.safesftp.com/gdpr. Material changes will be notified to you by email or in-app notification where appropriate.
If you have any questions or concerns about this GDPR policy or our privacy practices, please contact us at:
Dane Commercial Services Ltd