1. Scope & roles
You (the controller) determine the purposes and means of processing the personal data you upload. Yungle (the processor) processes that data only to provide the service — storage, encryption, preview generation, transfer, and deletion — and only on your instructions, including those given through the product’s features.
2. Confidentiality & security
Yungle keeps the data confidential and applies appropriate technical and organizational measures, including:
- Encryption at rest with per-file keys (AES-256-GCM envelope encryption) and encryption in transit (TLS).
- A master key held outside the database, with support for key rotation.
- Strict access controls, rate limiting, and an audit trail of security-relevant actions.
- EU-only data residency on Hetzner (Germany).
3. Sub-processors
You authorize Yungle to engage the sub-processors listed in our Privacy Policy (Hetzner, Mollie, Brevo), each bound by equivalent data-protection obligations. We will inform you of intended changes and give you the opportunity to object.
4. International transfers
Personal data is processed and stored within the EU/EEA. Yungle does not transfer your data outside the EU/EEA.
5. Assistance & breach notification
Taking into account the nature of processing, Yungle assists you in responding to data-subject requests and in meeting your security, breach-notification, and impact-assessment obligations. We will notify you without undue delay after becoming aware of a personal-data breach affecting your data.
6. Deletion & return
On expiry of a transfer, deletion of content, or termination of your account, Yungle deletes the relevant personal data — including by shredding the associated encryption keys — save where storage is required by EU or member-state law. You can export your data at any time from your account.
7. Audits
Yungle makes available the information necessary to demonstrate compliance with Article 28 GDPR and contributes to audits, including inspections, conducted by you or an auditor you mandate, subject to reasonable confidentiality and security safeguards.
8. Contact
For DPA requests or to sign a countersigned copy, contact dpo@yungle.co.