Privacy Policy
Last updated: March 3, 2026
What We Collect
We collect your email address (for restoration delivery), a payment token from our payment processor (we never see your full card number), anonymised scan metadata (drive size, file type counts, scan duration for service improvement), and server logs (IP address, request timestamps — retained 30 days).
What We Do NOT Collect
We do not collect, store, or index the content of your restored files. We do not collect device identifiers beyond what is technically necessary for the relay session. We do not use tracking pixels, cross-site cookies, or share data with advertising networks.
How We Use Your Data
Email: to deliver your restoration link and product updates (opt-out available). Payment token: to process your one-time charge or subscription. Scan metadata: anonymous aggregate analytics to improve restoration algorithms. Nothing is sold to third parties.
Data Retention
Email and transaction records: retained for 7 years for legal and tax compliance. Scan metadata: retained in anonymised form indefinitely. RestoreIt content: deleted automatically after 7 days (Standard) or 30 days (Pro). All raw disk stream data is discarded immediately after restoration.
Encryption
All data in transit uses TLS 1.3. All data at rest in RestoreIt Cloud uses AES-256. Cloud access requires email verification and is optionally protected by two-factor authentication.
Your Rights (GDPR)
If you are in the EU or EEA, you have the right to access, correct, export, or delete your personal data. To exercise any of these rights, email privacy@restoreit.app. We respond within 30 days. You may withdraw consent for email marketing at any time via the unsubscribe link in any email.
Zero-Knowledge Principle
RestoreIt processes raw binary streams from your disk. Our infrastructure does not read, interpret, or catalogue file content for any purpose other than restoration. Employees cannot access the content of your RestoreIt Cloud storage. Cloud data is encrypted with a key derived from your session — not accessible to RestoreIt staff.
Cookies
We use a single session cookie for checkout authentication. We do not use tracking cookies, analytics cookies, or third-party marketing cookies.
Children
restoreit is not directed to children under 13. We do not knowingly collect any personal data from children. If you believe a child has created an account, contact privacy@restoreit.app.
Changes
Material changes to this policy will be communicated by email at least 14 days before taking effect. The date of last update is shown at the top of this page.