Privacy Policy

1. What We Collect

When you sign in with GitHub, we receive and store your GitHub username, primary email address, and profile image URL. We use this information to identify your account and display your profile within the service.

We store the JSON files you create, along with metadata: the file token, file size, creation timestamp, and last accessed timestamp. For anonymous files, no account information is associated — only an expiry timestamp is recorded.

We collect standard server-side usage data such as IP addresses (used for rate limiting) and request timestamps. We do not use analytics tracking scripts or third-party ad tracking of any kind.

2. How We Use It

Your data is used solely to provide the OneJSONFile service: storing your JSON files, authenticating your requests, and enforcing per-account limits.

Your email address is used to send transactional emails — subscription confirmations, cancellation notices, and support replies. We do not send marketing emails.

Your IP address is used to enforce rate limits on API requests. It is not stored persistently beyond the rate-limiting window.

3. Data Storage and Security

File content is stored in Cloudflare R2, a US-based object storage service. Account metadata is stored in a PostgreSQL database hosted on Neon. All data is transmitted over HTTPS only — there are no unencrypted access paths.

Each file is accessible only via its unique token. Authenticated files can be written to by anyone with the token — token possession is the write credential. If you are signed in as a different account and attempt to write to a file you do not own, the request will be rejected.

Sessions are managed by Auth.js using encrypted, server-side session tokens. We do not store passwords. Authentication is handled entirely through GitHub OAuth.

4. Third-Party Services

We use the following third-party services to operate OneJSONFile:

• GitHub OAuth: Authentication. GitHub receives login requests and returns your profile data.
• Cloudflare R2: File storage. Your JSON files are stored in Cloudflare's US-based object storage.
• Vercel: Hosting and edge network. All API requests are served through Vercel's infrastructure.
• Neon: Database. Account metadata and file records are stored in a serverless PostgreSQL database.
• Upstash Redis: Rate limiting. Per-IP and per-token request counts are tracked in Redis with short TTLs.
• Stripe: Payments. Subscription billing for Indie and Pro plans. Stripe handles all payment data — we never see your card details.
• Resend: Email delivery. Transactional emails (subscription confirmations, support replies) are sent via Resend.

We do not sell your data to any third party, and none of the above services are used for advertising purposes.

5. Data Retention

Anonymous files expire and are deleted automatically 24 hours after creation.

Authenticated files are retained until you delete them or delete your account. There is no automatic expiry for files belonging to registered users.

Account data (GitHub username, email, profile image) is retained while your account exists. Upon account deletion, your files and account data are removed. To request account deletion, email support@onejsonfile.com.

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us at support@onejsonfile.com.

You may delete your own files at any time from the dashboard. Deleting a file immediately and permanently removes its content from storage.

7. Cookies

We use a single session cookie to keep you signed in. This cookie is HTTP-only, scoped to this domain, and contains only an encrypted session identifier — no personal data is stored directly in the cookie.

We do not use tracking cookies, advertising cookies, or any third-party analytics scripts. No cookies are set for users who are not signed in.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. Continued use of the service after changes are posted constitutes acceptance of the revised policy. For material changes, we will make reasonable efforts to notify users via email.

9. Contact

Questions about this Privacy Policy can be sent to support@onejsonfile.com.