Privacy Policy

Last updated: 04 March 2026 · QuickDown File Hosting · cdn.quickdown.nl

🔒 QuickDown is operated from the Netherlands and fully complies with the General Data Protection Regulation (GDPR) (EU 2016/679). This Privacy Policy explains what data we collect, why we collect it, how it is stored, and your rights under GDPR.

1. Who We Are (Data Controller)

QuickDown ("we", "us", "our") operates the file hosting platform at cdn.quickdown.nl. We are the data controller for personal data processed through this service.

Contact for privacy matters: privacy@quickdown.nl

2. Data We Collect

2.1 Account Data

When you register, we collect:

Username — chosen by you, used to identify your account
Email address — used for account recovery and important notices
Password — stored only as a secure bcrypt hash; we never store plain-text passwords
Registration date and time
Terms of Service acceptance timestamp

2.2 IP Address Logging

🌐 We log IP addresses for abuse prevention and security. By using QuickDown, you consent to this. Full details are only disclosed where required by law.

We record your IP address during account and platform activity. This data is stored securely and used to:

Prevent platform abuse and enforce our Terms of Service
Investigate reports of illegal or harmful content
Identify and block repeat abusers
Comply with lawful requests from law enforcement where legally required

We do not display, publish, or share your IP address except where disclosure is required by law or necessary to investigate a serious violation. A full audit log of your IP activity is available to platform administrators for moderation purposes only.

Legal basis: Article 6(1)(f) GDPR — Legitimate interests in preventing illegal activity and protecting our platform and users.

2.3 File Data

When you upload files, we store:

The file itself (on our servers)
Original filename, MIME type, file size
Upload timestamp and the IP address used for the upload
A unique 6-character access code
Download count

2.4 Usage Logs

Our server automatically records technical logs including IP addresses, browser user-agent strings, pages visited, and timestamps. These logs are retained for a maximum of 30 days and are used solely for security, debugging, and abuse prevention.

2.5 VPN & Proxy Detection Data

To maintain service quality and prevent the upload of illegal content via anonymizing services, we perform automated VPN and proxy detection on all connections. We use the ip-api.com service to classify IP addresses. Detection results are cached in our database for up to 24 hours. If your IP is flagged, the block event is logged. See Section 5 for more on our VPN policy.

3. How We Use Your Data

Purpose	Data Used	Legal Basis (GDPR)
Providing the file hosting service	Account data, files	Art. 6(1)(b) — Contract
Security & abuse prevention	IP logs, usage logs	Art. 6(1)(f) — Legitimate interest
VPN/proxy blocking	IP address	Art. 6(1)(f) — Legitimate interest
Legal compliance & law enforcement	IP logs, account data, files	Art. 6(1)(c) — Legal obligation
Account management	Username, email	Art. 6(1)(b) — Contract
Terms of Service enforcement	All collected data	Art. 6(1)(b) — Contract; Art. 6(1)(f) — Legitimate interest

4. Data Sharing & Disclosure

We do not sell your personal data. We do not share your data with advertisers or third-party marketing services. We may disclose data in the following limited circumstances:

Law enforcement: If we receive a valid legal request (court order, subpoena, or law enforcement demand under Dutch/EU law), we will disclose relevant data including IP addresses, account information, and uploaded files. We may also proactively report to law enforcement where we detect content that constitutes a serious crime (e.g., CSAM).
NCMEC / IWF: We will report child sexual abuse material (CSAM) to the National Center for Missing and Exploited Children (NCMEC) and/or the Internet Watch Foundation (IWF), as required.
Service providers: We use ip-api.com for IP classification. Their privacy policy applies to data sent to their API. No account or file data is shared with ip-api.com.
Legal proceedings: If necessary to protect our legal rights or defend against legal claims.

5. VPN & Proxy Blocking Policy

To keep QuickDown free and safe for all users, and to prevent anonymous uploading of illegal content, we block connections from VPNs, proxies, Tor exit nodes, and hosting/datacenter IPs. This is part of our commitment to accountability — we believe users should not be able to hide behind anonymizing services when uploading content to our platform.

When a VPN or proxy is detected, the access attempt is logged (IP address, timestamp, action type) but no additional personal data is stored. Legitimate users who trigger a false positive may contact abuse@quickdown.nl.

6. Data Retention

Data Type	Retention Period
Account data	Until account deletion, or 2 years after last activity if account is inactive
Uploaded files	Until deleted by the user or account deletion
IP logs (login/upload)	12 months, then automatically purged
VPN detection cache	24 hours per IP entry
Suspension / report records	3 years (legal compliance)
Server access logs	30 days

7. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

Right of Access (Art. 15): Request a copy of all personal data we hold about you
Right to Rectification (Art. 16): Request correction of inaccurate data
Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten") — subject to legal hold obligations
Right to Restrict Processing (Art. 18): Request we limit how we use your data
Right to Data Portability (Art. 20): Receive your data in a machine-readable format
Right to Object (Art. 21): Object to processing based on legitimate interests
Right to Lodge a Complaint: You may lodge a complaint with the Dutch supervisory authority — Autoriteit Persoonsgegevens (AP) at autoriteitpersoonsgegevens.nl

To exercise any of these rights, contact us at privacy@quickdown.nl. We will respond within 30 days.

⚠️ Note on IP address data: We may be unable to erase IP log data that is subject to an active law enforcement investigation or legal hold, or where retention is required by applicable law.

8. Data Security

We implement industry-standard technical and organisational measures to protect your data:

Passwords are hashed using bcrypt (cost factor 12)
All connections are served over HTTPS/TLS
Uploaded files are stored outside the public web root and served only through an authenticated PHP handler
Database access is restricted to application credentials with minimal required permissions
Session tokens use strict mode and httpOnly cookies

However, no system is 100% secure. We are not liable for data breaches beyond our reasonable control.

9. Cookies

We use a single session cookie (qd_session) to maintain your login state. This cookie is:

httpOnly (not accessible to JavaScript)
Session-scoped (expires when you close your browser unless you remain logged in)
Not used for tracking or advertising

We do not use any third-party tracking cookies, analytics cookies, or advertising cookies.

10. Children's Privacy

QuickDown is not directed at children under 13 years of age (or 16 in the EU/EEA). We do not knowingly collect data from children. If you believe a child has registered, contact privacy@quickdown.nl and we will delete the account promptly.

11. International Transfers

Our services are operated from the Netherlands (EU). IP classification requests are sent to ip-api.com, which may involve processing outside the EU. We rely on standard contractual clauses and adequacy decisions where applicable. No other personal data is transferred outside the EU/EEA.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users via email or an in-app notice. Continued use after the effective date constitutes acceptance. The "last updated" date at the top of this page always reflects the current version.

13. Contact

For any privacy-related questions or to exercise your rights:

Privacy requests: privacy@quickdown.nl
Abuse / content reports: abuse@quickdown.nl
DMCA / takedowns: dmca@quickdown.nl
General legal: legal@quickdown.nl