How we collect, use, and protect your information.
Short version: We collect only what we need to run the service. We don't sell your data, scan your files, or run ads. Your files are encrypted and yours.
Extra Drive ("we", "us", or "our") operates the Extra Drive cloud storage service available at extradrive.net and workspace.extradrive.net (the "Service"). This Privacy Policy explains what information we collect, how we use it, and what rights you have over it.
By using Extra Drive, you agree to the collection and use of information described in this policy. If you don't agree, please stop using the Service and delete your account.
Account information. When you create an account we collect your name, email address, and a hashed password. If you sign up through a third-party provider (Google, Apple), we receive only the name and email that provider shares with us.
Your files. We store the files and folders you upload or sync to Extra Drive. These are encrypted at rest using AES-256. We do not open, read, or analyze the contents of your files for any purpose.
Usage data. We collect basic logs: when you log in, files uploaded/deleted/accessed (file names and sizes, not contents), and browser/OS type. We use this solely for operating and improving the service.
Payment information. If you upgrade to a paid plan, payments are handled by Stripe. We never see or store your credit card number — only the last four digits and expiry date that Stripe shares for display purposes.
Support communications. If you contact us via email or live chat, we keep those records to provide support and improve our responses.
We do not collect:
We use the information we collect to:
We do not use your data to:
We send product update emails only if you explicitly opt in during signup or account settings. You can unsubscribe at any time from any email we send.
Your files are stored on redundant infrastructure in the United States by default. EU-based storage is available on Pro and Team plans for GDPR compliance.
Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your account encryption key is derived from your credentials and is unique to your account.
Access controls: We use strict internal access controls. Only a small number of engineers with documented business need can access infrastructure systems, and they cannot read your file contents. All access is logged and audited.
Data retention: Active account data is retained for as long as your account exists. Deleted files are moved to Trash and permanently purged after 30 days (Free), 1 year (Pro), or never (Team, unless you manually empty Trash). When you delete your account, all your files are removed from our servers within 30 days.
We do not sell your personal information. We share data only in these limited circumstances:
Service providers. We use a small number of trusted third-party providers to operate the service: Stripe (payments), AWS (infrastructure), and Postmark (transactional email). Each provider is bound by a Data Processing Agreement and may only use your data to provide their service to us.
Legal requirements. We may disclose information if required by law, court order, or government request. When legally permitted, we will notify you before complying. We publish a transparency report annually.
Business transfers. If Extra Drive is acquired or merges with another company, your data may be transferred. We will notify you before this happens and you will have the option to delete your account.
With your consent. We share data in other cases only with your explicit permission.
We use a minimal set of cookies necessary to operate the Service:
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We use a self-hosted analytics tool (Plausible) that collects no personal data and requires no cookie consent under GDPR.
You can disable cookies in your browser settings, but the Service will not function correctly without the session cookie.
Depending on where you live, you may have the following rights regarding your personal data:
To exercise any of these rights, email us at [email protected] with the subject line "Privacy Request." We respond to all requests within 30 days.
If you are in the EU/EEA, you also have the right to lodge a complaint with your local Data Protection Authority.
Extra Drive is not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us at [email protected] and we will delete the account immediately.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and display a prominent notice in the dashboard at least 14 days before the changes take effect.
Your continued use of Extra Drive after changes take effect constitutes your acceptance of the updated policy. If you disagree with the changes, you may delete your account before they take effect.
If you have questions, concerns, or requests related to this Privacy Policy, please contact us:
Also see our Terms of Service and FAQ.