Privacy Policy

Last Updated: October 20, 2025

This privacy policy explains exactly how L0ss handles your data, what privacy mechanisms are in place, and what information is collected and stored.

      TL;DR: We don't want your data. Files are temporarily stored for compression,
      automatically deleted within 24 hours (or immediately after download), and never shared with anyone.
      No tracking, no analytics for individual users, no third-party sharing.
    

1. Data Collection & Storage

What We Collect

Your uploaded files - Temporarily stored in Cloudflare R2 for processing
Compression statistics - File size, compression ratio, processing time (anonymized)
IP address - Used only for rate limiting, not stored permanently

What We DON'T Collect

Personal information (name, email, etc.)
File contents for analysis beyond compression
Browsing history or tracking cookies
Third-party analytics or advertising data

2. How Your Data is Stored

File Storage (R2)

// Storage configuration Storage Location: Cloudflare R2 (distributed edge storage) Encryption: AES-256 at rest Transport: TLS 1.3 in transit Access: Unique, non-guessable IDs only Retention: 24 hours maximum, deleted after first download

Technical Details:

Unique IDs: Each file gets a unique ID (e.g., file_mgyxpxoj58uovr4) generated using timestamp + random string
No filename storage: Original filenames are only kept in metadata for download headers
Auto-deletion: Files are automatically deleted after 24 hours or first download
No file indexing: Files cannot be browsed or listed - you need the exact ID

Caching (KV Storage)

// KV namespace usage KV_RESULTS: Stores compression results (1 hour TTL) KV_PROFILES: Stores optimization profiles (7 day TTL) KV_PATTERNS: Stores common patterns (1 day TTL) KV_RATE_LIMIT: Tracks rate limits (1 hour TTL) Data Stored: File hash + compression settings → result Privacy: No file contents, only compression metadata

3. Privacy Mechanisms

Encryption

At Rest: AES-256 encryption on all stored files (Cloudflare R2)
In Transit: TLS 1.3 for all API communications

Auto-Deletion

Files are automatically deleted after 24 hours or immediately after first download. This ensures your data doesn't remain on our servers longer than necessary.

4. What We Track (Anonymized)

Analytics Engine Data

We collect anonymized metrics for service improvement:

// Analytics data points (no personal info) { "fileType": "JSON", // Type of file compressed "lossLevel": "moderate", // Compression level used "originalSize": 1024, // File size in bytes "compressedSize": 512, // Compressed size "reductionPercent": 50, // Compression ratio "processingTime": 15 // Time in milliseconds } NOT Tracked: - Filenames - File contents - IP addresses (beyond rate limiting) - User identity - Access patterns

5. Third-Party Services

Cloudflare

Purpose: Infrastructure (Workers, R2, KV, Analytics)
Data Shared: Only what's necessary for service operation
Privacy Policy: Cloudflare Privacy Policy

No Other Third Parties

We DO NOT use:

Google Analytics or any tracking scripts
Advertising networks
Social media pixels
Third-party CDNs for tracking
Email marketing services

6. Your Rights (GDPR/CCPA)

Right to Delete

Files automatically delete after 24 hours or first download. You can also request deletion by contacting us with your file ID.

Right to Access

You can access your files using the download URL provided after compression. Recovery manifests are available for all compressions.

Right to Export

All compressed files and manifests are downloadable in standard formats. No proprietary formats are used.

Right to Object

You can object to processing by not using the service. No data is collected unless you upload files.

7. Security Measures

Rate Limiting: Prevents abuse (10 requests per hour per IP)
File Size Limits: 10MB maximum to prevent resource abuse
No Public Listing: Files are only accessible via unique, non-guessable IDs
HTTPS Only: All connections encrypted with TLS 1.3

8. Data Breach Notification

In the unlikely event of a data breach:

We will notify affected users within 72 hours
Notification will be posted on the homepage
Details of the breach and mitigation steps will be provided

9. Children's Privacy

L0ss is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided information to us, please contact us to have it removed.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the service after changes constitutes acceptance of the new policy.

11. Compliance

L0ss is designed to comply with:

GDPR (General Data Protection Regulation - EU)
CCPA (California Consumer Privacy Act - USA)
Best Practices for data minimization and user privacy

Our Privacy Promise

We built L0ss with privacy as a core principle, not an afterthought. We don't want your data, we don't sell your data, and we automatically delete your data. The service exists to compress files, not to track users.

← Back to Home