Your privacy, plainly.
How we handle your data at MediaLocker. Effective July 14, 2026.
This is a plain-language summary of our privacy practices, not exhaustive legal advice. If you have specific compliance requirements, reach out and we'll help.
The short version
We collect only what we need to run your account, bill you fairly, and keep the service secure. We never train AI on your media, and we never sell or rent your data. Your files, buckets, and keys are yours.
What we collect
- Account details — your email address (and name, if you provide one), managed through our authentication provider.
- Billing information — handled by Stripe. We store customer and subscription identifiers, not your full card number.
- Your media — the files you upload, stored in object storage. We generate only the thumbnails and metadata needed to power your library.
- Usage & logs — storage and bandwidth metrics and API request logs, used to bill accurately and operate the service.
- Analytics — if enabled, privacy-friendly, cookieless analytics (Plausible). No cross-site tracking.
What we never do
- Train AI or machine-learning models on your files.
- Sell, rent, or trade your personal data.
- Load advertising or cross-site tracking scripts.
How we use your data
To operate and secure the service, bill you for storage, prevent abuse, and provide support. That's it.
Subprocessors
We rely on a small set of trusted providers to run MediaLocker: Supabase (authentication & database), Stripe (payments), Hetzner (object storage & compute), and Plausible (optional analytics). Each processes only the data needed for its role.
Cookies
We use essential session cookies to keep you signed in during sign-up and account access. We do not use advertising or tracking cookies.
Retention & your rights
We keep your data while your account is active. You can request access to, export of, or deletion of your data at any time — and when you close your account, we remove your media and personal data. Email us and we'll take care of it.
Security
Data is encrypted in transit, API keys are scoped and hashed at rest, and access to production systems is tightly limited. If you believe you've found a vulnerability, please contact us.
Contact
Questions about privacy? Email support@medialocker.io.