Privacy Policy

April 14, 2023

How we protect your data:

Definitions used on this Privacy Statement:

  • Data: Data is any information that can be used to identify a person, either directly (real name, phone number, IP address, etc.) or indirectly (any combination of the aforementioned plus device fingerprints, cookies, etc.). In the specific context of the use of our platform, it is the minimum information required for the proper operation of the services provided by as well as the information the user optionally submits on any of them.
  • Services: the set of different softwares, protocols and standards used to exchange data between web applications.
  • User or you: any person or third party that access and uses the services provided by
  • Medical File Share,, we or us:
  • Platform: the set of services provided by and that are hosted on our servers.
  • Credentials: they are the username and password created and used by the user to log in to the services provided by us.
  • Federated services: services that operate on the basis of so-called federation protocols which enable users who signed up at different services providers to interact with each other. Examples of these services are Text Message, Email.
  • Brute-force attack: is a cryptographic attack that consists of submitting many passwords or passphrases, hoping to eventually find the right ones.

The Data covered by this Privacy Statement

This Privacy Statement applies to all services hosted on and its sub-domains. It does not extend to any websites or web services that can be accessed from our platform including, but not limited to, any federated services and social media websites outside Medical File Share. Federated services are those that interoperate with each other (exchanging information and services) regardless of the provider (e.g. mail or open social networks). These services use protocols that necessarily share or transfer data between different providers and therefore such interactions are outside the scope of this Privacy Statement.

It is important to note that sharing data with other services providers is a user’s choice (see 1. What data do we collect?) and is configured by the users in their services settings, including the decision what to share and with whom.

1. What data do we collect?

If a user chooses to use any of the services provided by us, the following data will be required and therefore collected by

A valid email address: required for account creation. This email address is deleted from our database after the account has been approved/denied, unless the user chooses during the registration process, to keep it for password reset process.

An username and a password: required to identify the account holder and provide the services offered by

Necessary information related to the operation and functioning of the services which may include, for example, IP address, User Agent, etc.

When a user makes an online payment to, we collect personal data such as, but not limited to, username (if any), country (in case of extra storage request for tax purposes), transaction IDs or bank account/reference. The purpose for which we use this data is merely administrative (verification of payments, accounting management) and is maintained under the same security measures described in the "How do we store your data?" section. Since all the data we collect is previously processed by a third-party payment processor such as Stripe, by using these or similar services, their use of your information is based on their terms of service and policies, not ours, so we encourage you to review those policies carefully.

Any additional information that the user chooses to supply while using the services provided by us (whether it is chats, posts, emails, etc.). This additional information is optional and with the user's consent.

1.1. What do we do with your data?

Our processing of your information is limited to providing the service.

We store logs of your activity for a period no longer than 7 days. This data is used to help diagnose software issues, maintain security of the system against intrusion and monitor the health of the platform.

1.2. How do we store your data?

To protect your data we use the following security measures:

  • We use disk encryption on all servers to prevent data leak in case the servers are stolen, confiscated or in any way physically tampered with. We provide and require SSL/TLS encryption on all "user-to-server" and "server-to-server" communications on all provided services. We utilize "end-to-end" and/or "server-side" encryption technologies whenever it is made available by services that allow it to provide maximum security for the users.

1.3. How do we backup your data?

In order to allow attempt at recovery from dataloss disaster situations, we create backups on remote server owned by We backup data on daily basis and store them for period of 7 days.

Exception from this rule applies to files uploaded to Medical File Share cloud. Due to the nature of these files - no backups are created.

2. What we do not do with your data

  • We do not collect any other data than what is needed to provide you the service.
  • We do not, in any way, process, analyze your behavior or personal characteristics to create profiles about you or your usage of the services.
  • We do not sell your data to any third party.
  • We do not share your data to any third party unless in case of federated services which requires certain data to be shared in order to operate (e.g. other email service provider needs to know your email address to be able to deliver emails).
  • We do not require any additional information that is not crucial for the operation of the service (we do not ask for phone numbers, private personal data, home address).
  • We do not read/look nor process your personal data, emails, files, etc., stored on our servers unless needed for providing the service, troubleshooting purposes or under suspicion of breaking our Terms Of Services in which case we ask for prior permission from you or inform you afterwards of all actions taken against the account in the transparency report addressed to account holder.

3. Where the data is stored?

We store all data with servers located in Australia.

4. Your rights

  • Right to access - The right to request (I) copies of your personal Data or (II) access to the information you submited and we hold at any time.
  • Right to correct - The right to have your Data rectified if it is inaccurate or incomplete.
  • Right to erase - The right to request delete or remove your Data from our servers.
  • Right to restrict the use of your Data - The right to restrict processing or limit the way we use your Data.
  • Right to Data portability - The right to move, copy or transfer your Data.
  • Right to object - The right to object to our use of your Data.

Your Medical File Share username (email address) is an integral part of your user account and cannot be modified.

Usernames remain in the database, even after erasure request, to prevent old usernames being re-used by new users, compromising the privacy of both and enabling possible identity theft. For that reason, usernames of accounts that have been deleted remain in the database to avoid being reused. However, all the linked personal information is deleted permanently.

You have the right to lodge a complain, make enquires, excercise any of the rights described above or withdraw your consent to the processing of your Data (where consent is our legal basis for processing your Data), by contacting us via email to:

5.1. Access to your information

Access to your personal data, stored files and other information you provide to any of the services offered by is under your control. This means that all data stored on our services that are bound to personal information are available for you to download either for archival purposes or to transfer to another compatible service.

6. Changes on this Privacy Statement

This privacy policy may be updated at anytime and changes will be published on this page.