Privacy policy
Short version. You upload a file, we pay Telnyx to send it, we delete the file the moment Telnyx tells us the fax went through (or failed). We do not read the file. We do not sell anything. We do not use ad trackers. If you want the long version, keep reading.
1.What we process
When you send a fax through Shotfax, the service:
- Receives your file upload and stores it temporarily in Cloudflare R2, encrypted at rest.
- Creates a Stripe Checkout session for the $2.99 base (or higher for more than 5 pages).
- After payment, hands the file to Telnyx's fax delivery network, addressed to the destination fax number you provided.
- Deletes the file from our R2 storage immediately after Telnyx confirms delivery or failure.
2.What we store after delivery
- A job record with: job ID, destination fax number, page count, amount charged, status (delivered or failed), timestamp, and your email address (only if you chose to give one).
- The file itself is deleted. We keep no copy of the document you sent.
- Stripe holds the payment record. We never see or store credit card details.
3.Sub-processors
| Service | Purpose | What they receive |
|---|---|---|
| Cloudflare | Hosting (Workers, R2, D1) | File (transient), job metadata |
| Telnyx | Fax delivery | File contents, destination fax number |
| Stripe | Payment processing | Card details, billing email |
Telnyx is HIPAA-compliant when configured under a Business Associate Agreement. Cloudflare offers BAAs for healthcare customers. If you need a HIPAA-compliant fax service for PHI, contact us before sending so we can set it up correctly.
4.What we do not do
- We do not retain copies of your documents after delivery.
- We do not read, analyze, or process the contents of your files.
- We do not sell, share, or use your data for advertising.
- We do not run tracking cookies or analytics pixels on the upload form.
5.Your rights (GDPR, CCPA)
- Access. Email us with a job ID for a copy of the metadata we hold.
- Deletion. Job records auto-delete after 90 days. Earlier deletion on request.
- Portability. All data we hold is the metadata above. We will send it as JSON.
- Objection and restriction. You may object to processing or ask us to restrict it. In practice, once the fax is sent there is nothing left for us to process.
- Complaint to a supervisory authority. EU and UK users can lodge a complaint with their national data protection authority (list at edpb.europa.eu/members).
5a.Data controller
The data controller for Shotfax is Povilas Konopackas, a sole trader based in Lithuania, EU. Contact: povkonop@gmail.com. This is also the address for any GDPR request.
6.Data retention
- File contents. Deleted from R2 immediately after delivery or failure.
- Job records. 90 days, then auto-deleted.
- Payment records. Held by Stripe per their retention policy.
7.Security
All transmissions use TLS. Files in R2 are encrypted at rest. The fax leg uses Telnyx's private IP network with T.38 error correction for reliability. We follow OWASP guidelines for the web application and keep our attack surface small on purpose.
8.Contact
For privacy questions, reply from the address associated with your receipt or email povkonop@gmail.com.