QuickDown, operated from the Netherlands. Contact: privacy@quickdown.nl
| Data | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|
| Username, email, hashed password | Account provision | (b) Contract |
| IP addresses | Abuse prevention, legal compliance | (f) Legitimate interest; (c) Legal obligation |
| Uploaded files + metadata | Providing the service | (b) Contract |
Session cookie (qd_session) | Keeping you logged in | (b) Contract |
We do not use your data for advertising. We do not sell it.
| Data | Kept for |
|---|---|
| Account data | Until deletion or 2 years inactivity |
| Uploaded files | Until deleted by you |
| IP logs | 12 months |
| Abuse / report records | 3 years (legal obligation) |
| Server access logs | 30 days |
We share data only when legally required — for example in response to a valid court order, or when we proactively report illegal content (such as CSAM) to the Dutch police and NCMEC as mandated by law. We use ip-api.com for VPN detection; only your IP is sent to their API.
You have the right to access, rectify, erase, restrict, or port your data, and to object to processing. To exercise these rights email privacy@quickdown.nl. We respond within 30 days. You may also lodge a complaint with the Autoriteit Persoonsgegevens.
Note: IP data subject to an active legal investigation cannot be erased until that obligation lapses.
Passwords are bcrypt-hashed. Sessions use httpOnly cookies. Files are served through an authenticated handler, not directly from the web root.
We will notify registered users of material changes via email or an in-app notice.