What information do we collect?

We store some personal information to make your use of our Services possible. There are several ways in which we may collect personal information from you: you may submit it or we will collect it automatically through our Services. Different types of personal information may be collected depending on the way you use our Services and which Services you use. Please check the section “What are your rights as a user” to find out how you can change, access or delete your personal information.

Personal information you submit

WeTransfer collects, processes or hosts personal information you provide.

1. Contact information: your name and your email address or the email address of the recipient(s).
2. Information about yourself: age, gender, city.
3. Preferences: for example language settings or interests.
4. Content and metadata: you may choose to upload or create Content which contains all sorts of personal information about you and others. Such Content also contains a filename, size and filetype.
5. Personal messages: the ones you send to people along with sharing your files.

The uploader or creator(s) is responsible for the legitimacy of the Content and needs to follow our Terms of Service, WeTransfer only processes it to provide its Services. If you upload, send or create personal information via one of our Services, you may ask for a Data Processing Agreement by sending an email to legal@wetransfer.com.

Personal information we collect by automated means

WeTransfer also collects and uses personal information by automated means while you use our Services.

1. Browser information: type of browser, language settings, country and timezone.
2. Cookie or web beacon information: cookie IDs and settings and other personal information received through cookies, web beacons or pixel tags. Learn more about under section “Why and how are cookies used”.
3. Device information: the type of device, hardware model and operating system.
4. Identification details: unique identifiers such as an IDFA (for iOS), MAC address or a UserID.
5. Network information: IP-addresses and mobile network information.
6. Location data: data on your geo-location. If we use your device based, precise GPS-location, we will make sure we only do so after receiving your consent.
7. Service usage: information regarding the way you interact with our Services, websites and mobile apps.

Personal information we receive from partners

In some cases we receive personal information from third parties, such as:

1. Integration information: you can choose to integrate some of our Services with your (social media or messaging services) account, such as Slack, in order to provide you with a rich messaging functionality.
2. Marketing information: some partners may provide additional (aggregated) information, for instance through their Software Developer Kits (SDKs). This may contain demographic or behavioural information in order for us to personalize content, advertisements and offers and to find the right audience for our advertisements.
3. Legal Information: when law enforcement agencies or courts order us to take down Content, we may initially receive personal information about you and your behaviour.

Why do we use your personal information?

We use your personal information in order to provide and improve our Services, to comply with legal obligations and to advertise our Services and to keep our Services safe and secure. Please find below how we use your personal information specifically and on what legal grounds we base the use of your personal information.

Activities & purposes

1. Service: the most important reason for using your personal information is, of course, to offer you our Services as mentioned in our Terms of Service, for example to create or visualize your Content or share your ideas and to let you access and use your Content across different devices.
2. Support: we provide a wide range of support services to help you out whenever you’re in need, for instance when you need technical assistance. If it’s needed to offer support, the Support-team can, on your request, access your Content in order to help you out.
3. Account & billing: creating and upholding your personal account for example to facilitate your address book and to enable you to access your Content across different devices, facilitating payment of your subscription fee and perform accounting, auditing & billing activities.
4. Safety, integrity & security: WeTransfer follows up on abuse reports, NTD/DMCA reports, fraud investigations and could investigate your compliance with our of our Terms of Services and/or API Terms of Use. Furthermore, we detect & block Child Sexual Abuse Imagery (CSAI). Detection of CSAI leads to automated decisions whether such Content is potential CSAI. Cases of potential CSAI will be reported directly to law enforcement agencies. Furthermore, we protect ourselves against fraud and other illegal activities. In all these cases we withhold the right to preserve your Content and share it, together with other identifying information, with law enforcement agencies. Finally, we could use your personal information for internal control to safeguard our and your safety, integrity and security. For instance, in case of any suspicion of violations of our Terms of Services or the API Terms of Use.
5. Improvement & development: we evaluate the use of our Services to improve our Services, fix bugs, develop new products and services. We do this either by market research (for instance by sending out surveys) or by performing analyses (for example by tracking and bringing together your personal information across our Services or across your mobile devices). We do this in order to understand how our user base as a whole interacts with our Services, but also to review the effect of our advertisements and to improve those Services and advertisements accordingly.
6. Marketing, advertisement & communication: we use your personal information for marketing and (interest based) advertising for instance by using SDKs or cookies, as well as communication. Think updates on new Services, but also personalised advertisements of WeTransfer or our partners, which we can serve on our or third party websites. In order to find the right audience for these advertisements we will look at certain segments of people. For instance, people who use similar Services as ours, people who share the same characteristics as our current users or people within a certain geo-location, such as the Amsterdam area. In order to connect with our target audience, we might use sequential messaging, which is basically a form of storytelling: each time you interact with our Services on a different device, you may receive a slightly different ad in a different form, but the ads are part of the same story. Moreover, based on the way you interact with our Services through your devices, we might promote one of our (other) Services or features. Finally, we enable you to engage in any (personalised) actions, promotions or events we offer.
7. Legal: in so far as necessary, we might use your personal information to defend WeTransfer in legal proceedings in relation to or as a result of your use of our Services, following a court order, abiding by any law, regulation or governmental request, cooperating with law enforcement, cooperating in fraud investigations of third parties, safeguarding national security, defense, public security, and to uphold our Terms of Services.

Legal grounds

Each processing activity has a valid legal ground, which is described below.

1. Contractual obligations with you: regarding the activities and purposes mentioned under 1, 2 and 3. We need to process personal information to offer our Services through our websites and mobile apps, to provide (technical) support and to bill your subscription fee.
2. Legal obligations: regarding the activities and purposes under 3, 4 and 7. We’re legally obliged to process your personal information for accounting purposes, to respond to legal requests and NTD- or DMCA-requests.
3. Consent: (partially) regarding activities and purposes mentioned under 2 (e.g. accessing your Content for support) and 6, except when we communicate direct marketing in relation to our own and similar Services to you as a paid user.
4. Legitimate interests: (partially) regarding activities and purposes under 1 & 3 (e.g. to provide cross device access). For the purposes mentioned under 4 in order to provide safe Services, to prevent fraud and react against illegal use of our Services. For our innovative interests as mentioned under 5. And finally for our (direct) marketing, brand interests under 6 and legal & compliance interests as stated under 7. When we use your personal information based on our or a third party’s legitimate interest, we will make sure to balance your rights and freedoms against said legitimate interest. If, to the extent applicable, you wish to object to the activities based on our legitimate interest and there’s no opt-out available in your account settings or received communication, please contact legal@wetransfer.com

What parties do we share personal information with?

WeTransfer has several partners to operate and improve its Services. Furthermore, we may share or allow you to share your information as part of some of the Services.

1. Service providers: such as our hosting provider, user support provider, IT & software providers, our payment processors, email processors and the accountant.
2. People and (social) media of your choice: you may choose to share your Content with others, such as teammates, within our Services or on (social) media like Twitter.
3. Law enforcement agencies or regulators: we are obliged to share your personal information in case of a legal request. In case we run across CSAI or when we’re notified on other illegal Content we’ll also share your personal information with law enforcement agencies.
4. Business partners: we collaborate with advertising partners, marketing and communication agencies. We do this for (interest based) advertising, branding and reaching out to you. Our advertising partners implement their own tracking cookies which fall under their terms of services and privacy & cookie statement. Please find a list of all third party cookies and their privacy policies here.
5. Integrated services: if you decide to integrate (one of) our Services with another service (such as Slack or your social media account) we will connect that service with ours. In order to provide such service, we will need to share some of your personal information with that service. The terms and privacy & cookie statement of these third parties applies, at least for their part of the connection.
6. WeTransfer entities: we share personal information between entities which are part of the WeTransfer group in order to provide our Services and for all purposes mentioned under “Why do we use your personal information?”.

We’re a global business, which means we might share or store personal information in countries outside of the European Economic Area (“EEA”). Those countries have different data protection laws in place. However, when we transfer- and host data globally, we will make sure that appropriate safeguards are in place in order to ensure your personal information enjoys a similar level of protection as it would within the EEA. For example, we will verify that the receiving partner is certified under EU-US Privacy Shield or we will sign EU Standard Contractual Clauses.

EU-US Privacy Shield

Our subsidiary in the United States, WeTransfer Corp, complies with the EU-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the use and retention of personal information transferred from the European Economic Area and the United Kingdom to the United States.

WeTransfer Corp adheres to the EU-US Privacy Shield principles and is subject to oversight by the U.S. Federal Trade Commission. If you have any complaints regarding the transfer of your personal information to the US, please first file them directly at us via legal@wetransfer.com. The panel of EU Data Protection Authorities (DPA Panel) acts as the independent recourse mechanism for complaints regarding EU-US Privacy Shield complaints. The examination of such complaints is free of charge to you. You can find the contact information of your local DPA here. In case your concern still isn’t addressed by the DPA Panel, you may be entitled to invoke binding arbitration under the EU-US Privacy Shield Principles, find out more here.

As explained under section "What parties do we share personal information with", we sometimes provide personal information with third parties to perform services on our behalf. If we transfer personal information received under the Privacy Shield to a third party, the third party’s use of the personal data must also comply with our Privacy Shield obligations. In such a case we will remain liable under Privacy Shield for any failure to comply by the third party, unless we prove we’re not responsible for the event giving rise to the damage.

You can find our certification here. To learn more about EU-US Privacy Shield visit: https://www.privacyshield.gov.

Why and how are cookies used?

We place cookies with the intention of making WeTransfer even better. We work hard to make our Services safe, beautiful and unobtrusive. Feel free to block cookies, but this may affect how well our Services work.

We place several cookies (or similar technologies, like pixels or web beacons) on your device for the purpose of facilitating your use of the Service and to find out how the Service may be improved. We or our advertising partners also place cookies on our website(s). Being a global service, these partners can vary per country. When our advertising partners place cookies, these cookies can process personal information to measure the effectiveness of the campaign.

Cookies are small text files that are stored on your computer by your browser when you visit a website. Examples of cookie purposes are: your language preferences, logging into an account, remembering login details, serving you personalised advertisements and acceptance of the Terms of Service and Privacy & Cookie Statement. Our website can place these cookies for the following purposes:

1. Functional cookies are used to provide functionalities when using our Service, such as the possibility to set preferences or to remember your previous settings.
2. Analytical cookies are used to optimise our Service. For example to optimise the usability of our website by AB-testing a new feature, to make the website more user-friendly and to analyse how you use our Service. We also use analytical cookies to stop bots and malicious behaviour like spam. When we use analytical cookies, this could include third party cookies, as found in the cookie list. These third party analytical cookies process personal information, which is detailed in the cookie list too.
3. Advertisement cookies are used for commercial, editorial and promotional purposes. With these cookies your internet- and surf behaviour can be followed over various domains and websites. WeTransfer only checks the (one) website you visited prior to your visit to one of our websites. We do not track the website you visit after you leave our website. Advertisement cookies are often also placed by third parties to measure the effectiveness of their advertising campaigns and to follow your internet- and surf behaviour over other domains and websites where they have placed a cookie. WeTransfer does not have access to or control over personal information collected via these cookies or other features that advertisers and third parties may use. Our Privacy & Cookie Statement is therefore not applicable to these third party cookies and we refer you to third parties’ Privacy Statements to read how they handle personal information. You can find a list of the limited amount of third party cookies and a link to their privacy policies here.
4. Pixel tags or web beacons are a piece of code embedded on the website that collects personal information about users' engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. The pixel also allows us to see from which previous website or channel a user arrived at our website.

We have an extensive cookie list available here, which we will update at least four times a year. Due to the changing nature of our Service, this may result in the cookie list not being fully up to date at times. If you would want to remove certain cookies, or block them from being stored in your browser, it is possible to arrange this through your browser settings for cookies. You can find these settings under the Privacy tab in the Preferences section of most browsers. Here you can specify your cookie preferences or remove cookies. Please note that if you remove or refuse WeTransfer cookies, the Service might not function in optimal form.

Can you use WeTransfer for private or sensitive files?

We treat your Content with respect. We don’t provide any public search function, catalogue or listing to find Content. We trust you understand that in order to fulfill our moral responsibility to reduce the spread of Child Sexual Abuse Imagery (CSAI), we do use automated systems to to detect such Content. Finally, we’re obliged to delete your Content when we receive a Notice-and-takedown/DMCA-request or when we receive a legal request.

Please be mindful when distributing download/ access links - whoever it is passed on to or has access to a download/access link can access or download the Content. For extra security and confidentiality you might want to use our feature to protect your files with a password (if available).

What retention procedures are in place?

The retention period for your personal information depends on which Service you use and it depends on which category of personal information we’re talking about. Always check out the website(s) or app(s) of the Service(s) for the specific information on retention periods.

Personal information

WeTransfer retains your personal information as long as its necessary to provide our Services to you (e.g. upholding your user account), to conduct our business activities and fulfill our legitimate interests, such as providing safe and secure services, to fix bugs and to reach out to you, to comply with applicable laws (e.g. retaining financial information for 7 years for tax purposes) and legal requests and to resolve (legal) disputes.

Files you transfer

When using WeTransfer File Sharing your Content will be deleted after 7 days, unless you have a Pro account in which case your transfer data is stored by default for 28 days or until the expiry date you set manually. After this period, a file is automatically deleted from our servers. The personal information that accompanies your transfer is kept for a maximum of 12 months. Such personal information is only accessible to very few people within WeTransfer, those that need it to perform their job, for example to provide you with support. When data is older than 12 months, we scrub it from the database, pseudonymise or anonymise it for analysis. Pseudonomising your personal information means that we do not use your email address or IP address for analytical purposes, but create a random pseudonym for both and use that pseudonym instead. That way we don’t have to handle directly identifiable personal information, which is privacy-friendly.

Content you create, use, store or share through the Services other than file sharing

The Content you create, use, store or share on our Services, other than our File Sharing Service, is, in principle, retained until you stop interacting with our Service(s), when you delete your Content from the Service(s), when you delete the Service(s) from your device(s) or when you delete your account. Always check out the website(s) or app(s) of the Service(s) you use for specific information.

How safe is it to use our Services?

WeTransfer takes technical and organisational measures to protect your personal information against loss or other forms of unlawful processing.

We make sure that personal information is only accessible by those who need access to do their job and that they are properly authorised. That means we keep logs of who has access to personal information, we limit the amount of people that have access and we make sure that personal information can only be read, copied, modified or removed by properly authorised staff. We monitor internal activity to ensure the safety and accuracy of personal information.

WeTransfer staff is required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, ethics, and appropriate usage of personal information. Staff is required to sign a confidentiality agreement.

During an upload, while it's stored on our servers and during a download, Content is encrypted and only sent over a secure connection (https). The servers we use to store your Content for you are GDPR compliant and secure.

Can minors use our Services?

You are only allowed to use our website, apps and/or Services when aged 16 and over. When you’re younger than 16 you may use our website, apps and/or Services only after parental approval or approval of your legal representative. Minors under the age of 13 in the USA are not allowed to use our Services.

What are your rights as a user?

If you need more info on your personal information, please let us know. We may ask for proof of identity. If you change your mind and no longer want us to process your personal information, let us know.

You can ask WeTransfer to:

1. access, receive a copy of or correct your personal information;
2. in certain cases, erase your personal information or block or restrict our use of it;
3. in certain cases, send your personal information to other third parties.

You can do this by sending an email to legal@wetransfer.com Please state clearly in the subject that your request concerns a privacy matter and more specific whether it is a request to access, correction or deletion. Bear in mind that under circumstances WeTransfer requests for additional information to determine your identity.

Right to object

You have a right to object to our use of your personal information, for instance when the legal base for processing is based on one of our legitimate interests (see subsection “Legal grounds”). If you inform us that you do not longer wish us to process your personal information or to be approached, WeTransfer will move your personal information to a separate file. Your personal information will no longer be used for the above mentioned purposes, unless our legitimate interest, for example safety & security, outweighs your right to objection. You can request this via legal@wetransfer.com. Please state clearly that your request concerns a privacy matter and more specifically that you exercise your right to object.

If you think we have infringed your privacy rights, you can lodge a complaint with the relevant supervisory authority. You can lodge your complaint in particular in the country where you live, your place of work or place where you believe we infringed your right(s).

Withdrawal of consent

When you’ve provided your consent for us to process your personal information, you can withdraw your consent at any time, without affecting the lawfulness of processing activities based on consent before its withdrawal. If you withdraw your consent, we will no longer process the personal information which we’ve received based on your consent.

California consumers

Subject to certain limitations under California Civil Code § 1798.83, if you are a California resident, you may ask us to provide you with (i) a list of certain categories of personal information that we have disclosed to certain third parties for their direct marketing purposes during the immediately preceding calendar year and (ii) the identity of certain third parties that received personal information from us for their direct marketing purposes during that calendar year. We do not, however, share your personal information with marketers, subject to the above statute.

How to contact WeTransfer

Our support team is available via support@wetransfer.com. If you have any questions, please email us in English, to make sure we can help you in the best way. If you have questions about the way WeTransfer processes your personal information or the personal information WeTransfer stores about you, please contact WeTransfer by sending an email with your question to legal@wetransfer.com We speak Dutch & English. If you need to contact our Data Protection Officer, please do so via dpo@wetransfer.com.

Revisions to the Privacy & Cookie Statement

Note that WeTransfer may revise this Privacy & Cookie Statement from time to time. Each revised version shall be dated and posted on the website. WeTransfer recommends that you review the website from time to time and take note of any changes. If you do not agree with the Privacy & Cookie Statement, you should not or no longer access or use the website and/or service. By continuing to use the website and/or service you accept any changes made to the Privacy & Cookie Statement.