Privacy Policy

Effective date: May 1, 2026

Welcome to Perkoon's Privacy Policy. We believe in transparency and your right to privacy.

This policy explains what data we collect, why we collect it, and what we do with it. We operate under the EU General Data Protection Regulation (GDPR).

1. Who We Are

Perkoon is operated by MB „Perkūnų šimtas", a company registered in Lithuania under EU law.

Data Controller: MB „Perkūnų šimtas"
Contact: [email protected]

2. What Data We Collect

We collect minimal data necessary to provide our service:

a) P2P Transfers (Free & Direct)

  • File contents: Never stored or accessed by us. Files go directly between your devices.
  • Session metadata: Session codes, connection status, participant count (temporary, deleted after 24 hours)
  • Anonymous statistics: Transfer size, duration, country code (for performance analysis)

b) User Accounts (Optional)

  • Email address: For magic link authentication
  • Account activity: Login timestamps, session history

c) Paid Cloud Storage (Optional)

  • Payment information: Processed by Stripe (we never see your card details)
  • Uploaded files: Stored on Storj decentralized cloud (encrypted)
  • Transaction records: Payment amounts, dates, invoice data

d) Technical & Security Data

  • IP address: For abuse prevention and security
  • Browser information: User agent, device type (for compatibility)
  • Cookies: Essential cookies only (authentication, session, security). No tracking cookies, no third-party analytics cookies, no fingerprinting cookies.

3. How We Use Your Data

We use collected data for:

  • Providing the service: Facilitating file transfers, managing accounts, processing payments
  • Security & abuse prevention: Detecting spam, DDoS attacks, illegal content
  • Service improvement: Analyzing anonymous usage patterns, optimizing performance
  • Legal compliance: Responding to valid legal requests, enforcing our Terms
  • Communication: Sending transactional emails (magic links, payment receipts, scheduled session invitations)

4. Data Storage & Retention

P2P session data: Automatically deleted 24 hours after session creation

User accounts: Retained until you delete your account

Cloud storage files: Retained according to your selected plan duration

Payment records: Kept for 7 years (EU accounting law requirement)

Analytics data: First-party, aggregated, anonymous. Stored on our own servers, never transferred to third parties. Retained indefinitely for trend analysis.

5. Data Sharing & Third Parties

We share minimal data with trusted third parties:

  • Stripe: Payment processing (see Stripe Privacy Policy)
  • Storj: Decentralized cloud storage for paid uploads (see Storj Privacy Policy)
  • Cloudflare: CDN and DDoS protection (see Cloudflare Privacy Policy)
  • Analytics: First-party telemetry running on our own servers. No third-party processor, no data export, no cross-site tracking.

We never sell your data to advertisers or third parties.

6. Your Rights Under GDPR

You have the following rights:

  • Right to access: Request a copy of all data we hold about you
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): Delete your account and associated data
  • Right to data portability: Export your data in a machine-readable format
  • Right to restriction: Limit how we process your data
  • Right to object: Object to data processing for specific purposes
  • Right to withdraw consent: Withdraw consent for any purpose where consent is the legal basis for processing

To exercise any of these rights, contact us at [email protected]

For general questions and community support, join our Discord: discord.gg/VRutSvP9bw

Note: For formal GDPR requests (data access, deletion, etc.), please use email contact above.

7. Cookies

Perkoon uses essential cookies only — for authentication, session management, and security. We do not set tracking cookies, third-party analytics cookies, or fingerprinting cookies.

Our usage analytics are first-party and aggregate: we count events on our own servers (transfers started, completed, failed; geographic distribution at country level) without setting identifiers in your browser. Nothing leaves our infrastructure, and there is no consent toggle because there is nothing personal to consent to.

8. Security

We take security seriously and implement industry-standard measures:

  • HTTPS encryption for all connections
  • End-to-end encryption for P2P transfers (WebRTC)
  • Encrypted storage for cloud uploads (Storj)
  • Regular security audits and updates
  • Rate limiting and abuse detection

However, no system is 100% secure. Use Perkoon at your own risk.

9. International Data Transfers

Our servers are located in the European Union. If you access Perkoon from outside the EU, your data may be transferred internationally. We ensure all transfers comply with GDPR standards.

10. Children's Privacy

Perkoon is not intended for users under 16 years old. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available at this page. Major changes will be communicated via email (for registered users).

12. Contact & Complaints

For privacy-related questions, data requests, or complaints:

Email: [email protected]
Data Controller: MB „Perkūnų šimtas"

Community Support: Join our Discord (for general questions and community help)

You also have the right to lodge a complaint with your local data protection authority.

This Privacy Policy was last updated on May 1, 2026.