Privacy Policy

Effective 2026-04-28 · Last updated 2026-04-28

temp-host.com is a temporary file-sharing service. We try to know as little about you as possible. This page describes — in plain English — what we store, what we don't, how long we keep it, and what happens when a court or a copyright holder shows up at the door.

What we store

When you upload a file, we store the file itself on our server's disk and a small metadata record in a flat-file JSON database. That record contains exactly the following fields:

original filename (the name you uploaded with)
stored filename (a random 8-character ID + extension)
file size in bytes
MIME type as reported by your browser
upload timestamp (server time, UTC)
expiry timestamp
maximum downloads allowed
current download count

The link we hand you — https://temp-host.com/f/<id> — is the only way to retrieve the file. There is no list, no search, no index, no public directory.

What we don't store

your IP address — not in our database, not associated with the upload
cookies — there are none on this site
analytics or telemetry — no Google Analytics, no Plausible, no pixels, no third-party scripts
fingerprints — we don't run client-side fingerprinting
your email, name, or any account information — there are no accounts
file contents in any backup, archive, or third-party CDN — files live on our disk only

Server access logs. Like every webserver on the internet, the operating system writes access log lines (IP, timestamp, request line, response code, user-agent) to disk. These are kept for a maximum of 14 days for abuse and security purposes, then rotated and deleted. They are not joined to upload records, not indexed, and not used for analytics. We do not voluntarily share them.

How long we keep things

Files are deleted automatically when either condition fires first:

the expiry you selected (1 hour, 6 hours, 24 hours, 7 days, or 30 days) elapses, or
the maximum download count is reached.

Cleanup runs on every upload and download request. When a file is deleted, both the file on disk and its metadata record are removed in the same operation. There is no soft-delete, no recycle bin, and no archive. Once it's gone, we have no copy of it and no way to retrieve it.

Backups. The uploads/ directory is excluded from system backups. Server-level backups capture configuration and code, not user content.

Legal requests

We comply with valid legal process. We also push back when we should, and we keep almost nothing, so most requests come back empty.

DMCA takedowns

Copyright holders may submit a DMCA notice to the contact address on the about page. We will remove the file promptly — usually faster than required, since the file is probably about to expire anyway. A counter-notice procedure is available; valid counter-notices may result in restoration after the statutory waiting period.

Law enforcement

We respond to subpoenas, court orders, search warrants, and equivalent process from jurisdictions with authority over the operator. We do not respond to informal requests, "preservation letters" without legal weight, or requests from foreign governments without an MLAT or equivalent route.

What we can usually provide, if the file still exists at the time of service: the file itself, its upload and expiry timestamps, and the access log lines (if within the 14-day window) that touched the file's URL. We cannot identify the uploader — we don't store that information in the first place. The IP that uploaded the file is, at most, in the rotating webserver access log, alongside thousands of unrelated requests, and only if service is fast enough.

Where legally permitted, we will notify the affected user before disclosure. Since we have no user accounts and no contact information, this notice is academic for almost every conceivable case.

Abuse policy

Reports of malware, CSAM, doxing, copyright infringement, or other prohibited content (see the terms of service) can be sent to the contact address on the about page. We act on every credible report. CSAM is reported to NCMEC and the file is preserved for the period required by 18 U.S.C. § 2258A.

Your rights

Under the GDPR, CCPA, and similar laws, you have rights of access, deletion, and rectification over personal data we hold about you. In our case, the answer is short: we hold no personal data about you. We have no way to look you up, because we never asked who you were. If you want a specific file deleted before its expiry, send the link to our abuse address and we'll honor it.

Contact

Privacy and abuse questions: see the contact address on the about page. Please include the full https://temp-host.com/f/<id> URL when reporting a specific file.

Changes to this policy. If we change this policy materially, the "Last updated" date at the top of the page will change. There is no mailing list to notify, and no account to ping — that's the whole point.