sc-andinavia ← dashboard

Legal

Privacy Policy

Last updated: 2026-03-16 Soli City A/V Solutions

sc-andinavia (“we”, “us”, “our”) is a file transfer and file viewing service operated by Soli City A/V Solutions, based in Copenhagen, Denmark. This Privacy Policy explains what we collect, why we collect it, how we use it, and the choices you have.

1. Who we are

Data controller: Soli City A/V Solutions
Address: Toftegårds Allé 19, 2500 Valby, Denmark
Privacy contact: welcome@sc-andinavia.com
Support: support@sc-andinavia.com

2. What this policy covers

This policy covers personal data processed when you:

  • visit our website,
  • create or use an account,
  • upload, send, receive, download, or view transfers (including file players/viewers),
  • purchase or manage a subscription,
  • contact support.

3. What we collect

We collect only what we need to run and secure the service.

A) Account data (if you create an account)

  • Email address
  • Password (stored as a secure hash, not plaintext)
  • Account settings and preferences
  • Subscription status and plan details

B) Transfer and usage data

  • Sender and recipient identifiers you provide (e.g., email addresses)
  • Transfer metadata: file name(s), file size(s), upload/download timestamps, transfer ID, expiration date
  • Technical data: IP address, device/browser/app information (user agent), and basic logs needed for security and troubleshooting

C) Content you upload

  • Files and content you upload for transfer or viewing (“Content”)
  • Optional message text you include with a transfer

D) Subscription payments
Subscription payments are processed by Stripe. We do not store full card numbers. We typically receive:

  • Billing and invoice information (as provided to Stripe)
  • Payment status and transaction references (e.g., charge ID)
  • Plan, price, currency, and tax/VAT information where applicable

E) Cookies
We use essential cookies only for security, session management, and login. We do not use analytics cookies.

4. What we do not do

  • No ads and no third-party behavioral advertising.
  • No analytics tracking (no analytics platform).
  • No selling of personal data.
  • sc-andinavia does not offer paid downloads/marketplace transactions between users.

5. Why we process data

We process personal data to:

  1. Provide file transfers, downloads, and file viewing/player features
  2. Operate accounts and subscriptions
  3. Prevent abuse, fraud, and unauthorized access
  4. Maintain service performance, reliability, and security (debugging, rate limiting, incident response)
  5. Communicate service-related messages (security notices, important service changes, account emails)
  6. Comply with legal obligations (e.g., accounting/tax records for subscriptions)

6. Legal bases (GDPR)

Where GDPR applies, we rely on:

  • Contract (Art. 6(1)(b)) to provide transfers, accounts, and subscriptions
  • Legitimate interests (Art. 6(1)(f)) to secure, maintain, and improve reliability of the service (including anti-abuse)
  • Legal obligation (Art. 6(1)(c)) for accounting/tax and compliance obligations
  • Consent (Art. 6(1)(a)) only if we introduce any optional features that require it (currently: none for analytics)

7. How we use and protect uploaded files

We process uploaded files only to provide the service, including storing files for the duration of a transfer and enabling preview/playback via our file players/viewers.

We also apply safeguards to protect the service and users, including measures designed to prevent scraping, data mining, and automated extraction of Content and metadata (for example, rate limiting, access controls, bot detection, and abuse monitoring).

AI training: We do not use your uploaded files to train machine learning or generative AI models.

8. Who we share data with

We share data only with service providers necessary to run sc-andinavia, under contracts that require appropriate security and confidentiality.

Key providers:

  • Cloudflare (infrastructure, delivery, and protection). Cloudflare may process limited technical data (e.g., IP address, request metadata) to deliver and protect the service.
  • Stripe (subscription payments).

We may also use additional vendors for essential functions (e.g., email delivery for account and transfer notifications) — if used, they are bound by similar contractual safeguards.

Public sharing: If you generate a share link, anyone with that link may be able to access the transfer (depending on your settings). You are responsible for how you share links and passwords.

9. International data transfers

Because we use Cloudflare with processing in the EU and the US, some data may be processed outside the EEA. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and supplementary measures where applicable.

10. Retention

Transfers & uploaded content:

  • Default expiration: 14 days
  • Maximum expiration: up to 999 days (when configured)

Content is deleted when the transfer expires, is deleted by you (if available), or is otherwise removed according to service functionality.

Account data: kept while your account is active. After closure, we delete or anonymize account data within a reasonable period, unless we must retain certain records for legal reasons.

Security and operational logs: retained for a limited period necessary for security, abuse prevention, and troubleshooting.

Billing records: retained as required by applicable accounting and tax laws.

11. Security

We use technical and organizational measures designed to protect personal data, including:

  • encryption in transit (TLS)
  • access controls and least-privilege practices
  • secure password hashing
  • anti-abuse measures intended to prevent scraping/mining and unauthorized automated access
  • monitoring and incident response procedures

No method of transmission or storage is 100% secure, but we work continuously to reduce risk.

12. Your rights

Depending on where you live (including the EEA/UK), you may have rights to:

  • access your data
  • correct inaccurate data
  • delete your data
  • restrict or object to processing
  • data portability
  • withdraw consent (where processing is based on consent)

How to exercise rights: email us at welcome@sc-andinavia.com

Complaints (Denmark): You can also lodge a complaint with Datatilsynet (Danish Data Protection Agency).

13. Children

sc-andinavia is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us at welcome@sc-andinavia.com.

14. Changes to this policy

If we change this policy, we will update the “Last updated” date and, if changes are material, we will notify users via the service or by email.

15. Contact

Soli City A/V Solutions
Toftegårds Allé 19, 2500 Valby, Denmark
Privacy: welcome@sc-andinavia.com
Support: support@sc-andinavia.com