
Privacy Policy

Last updated: November 18, 2025

Introduction

MarcoSend ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our peer-to-peer file transfer service. Please read this privacy policy carefully. By using MarcoSend, you consent to the practices described in this policy.

Information We Do Not Collect

MarcoSend is designed with privacy as a core principle. We do not collect, store, or have access to:

  • File contents: We never see, store, or have access to the files you transfer. All files are transferred directly between your devices using peer-to-peer connections.
  • File names and types: We do not track file names or file types beyond what is necessary for the active transfer session.

Information We Collect

To provide our service, we collect the following information:

  • Authentication information: When using the web client, Firebase Anonymous Authentication creates a temporary, anonymous user ID. If you create an account, we collect account information such as email address and authentication credentials. This information is used to identify your session and manage your account.
  • File sizes: We collect file sizes for all transfers to track data usage, enforce usage quotas, and manage billing for paid accounts. File sizes are necessary for quota enforcement and service management.
  • Session metadata: We temporarily store minimal session information (session IDs, join tokens, connection signaling data) in Firebase Firestore. This data is automatically deleted via TTL (Time To Live) policies after the session ends or times out.
  • Usage statistics: We collect aggregated usage statistics (file count, transfer sizes, data transfer volume) for quota enforcement, billing, and service improvement. For authenticated users, this data is associated with your account. For anonymous users, usage data is tracked temporarily for quota enforcement.
  • Billing information (paid accounts): If you subscribe to a paid plan, we collect payment information through our payment processor. This includes billing address, payment method details (processed securely by our payment provider), and subscription status.
  • Logs and analytics: Our cloud functions may log IP addresses and request metadata for security and debugging purposes. These logs are retained for up to 30 days and may include connection attempts, errors, and quota enforcement events.

How We Use Information

We use the information we collect to:

  • Establish and maintain WebRTC connections between your devices
  • Enforce usage quotas and prevent abuse
  • Track data usage for billing and quota management
  • Process payments and manage subscriptions for paid accounts
  • Provide customer support and account management
  • Debug and improve our service
  • Monitor for security threats and unauthorized access
  • Comply with legal obligations

Data Storage and Retention

No file storage: Files are never stored on our servers. They are transferred directly between your devices using encrypted WebRTC data channels.

Ephemeral session data: Session metadata stored in Firebase Firestore is automatically deleted via TTL (Time To Live) policies.

Account data: For authenticated users, account information, usage statistics, and billing information are retained for as long as your account is active. You may request deletion of your account and associated data at any time.

Log retention: Cloud function logs and analytics are retained for up to 30 days, after which they are automatically purged.

Third-Party Services

MarcoSend uses the following third-party services:

  • Firebase (Google): We use Firebase for authentication, the Firestore database, and cloud functions. Firebase's privacy policy applies to its services. See Firebase Privacy Policy.
  • Cloudflare: We use Cloudflare's TURN service for network relay when direct peer-to-peer connections are not possible. Cloudflare only forwards encrypted data packets and cannot decrypt your files. See Cloudflare Privacy Policy.

Neither Firebase nor Cloudflare has access to your file contents or session encryption keys. All file data remains encrypted throughout the transfer process.

Security

We implement multiple layers of security to protect your data:

  • End-to-end encryption: All file data is encrypted with AES-256-GCM using a session key that is never transmitted over the internet.
  • Transport encryption: WebRTC data channels use DTLS encryption, ensuring data is encrypted even when relayed through TURN servers.
  • Out-of-band key exchange: Session keys are embedded in QR codes and scanned optically, never transmitted over networks.
  • Single-use tokens: Join tokens can only be used once and expire after 3 minutes.
  • No persistent storage: Files are never stored on our servers, minimizing the risk of data breaches.

For more details about our security practices, please see our Security page.

Your Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access: You can request information about what data we have collected about you.
  • Deletion: You can request deletion of your data. If you are an authenticated user, you may delete your account and all associated data at any time. Anonymous session data is automatically deleted via TTL policies.
  • Correction: You can update or correct your account information at any time through your account settings.
  • Opt-out: You may opt out of analytics aggregation where legally required.

To exercise these rights, please contact us using the information provided in the "Contact Us" section below.

Children's Privacy

MarcoSend is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately so we can delete the information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy, please visit our Contact page for information on how to reach us.