1. Who we are
Prosochi is a service operated by IOLIS Ltd, a company registered in England and Wales (company number 11968202). Our registered office is at C5 Business Centre C5 North Road, Bridgend Industrial Estate, Bridgend, Wales, CF31 3TP.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, IOLIS Ltd is the data controller for personal data processed through the Prosochi platform.
If you have any questions about this policy or how we handle your data, you can contact us at privacy@iolisarc.com.
2. What data we collect
We collect different categories of personal data depending on how you interact with Prosochi:
Account holders (senders)
- Name and email address provided during registration
- Password (stored only as an Argon2id cryptographic hash — we never see or store your plaintext password)
- Billing information if you subscribe to a paid plan (processed by our payment provider; we do not store full card details)
- IP addresses, browser type, and session data when you access the platform
Recipients and uploaders (no account required)
- Email address (used solely for one-time code verification)
- IP address and browser information at the time of access
Transferred files
3. How we use your data
| Purpose | Legal basis (UK GDPR) |
|---|---|
| Providing the Prosochi service (sending, receiving, verifying access) | Performance of a contract (Art. 6(1)(b)) |
| Maintaining tamper-evident audit logs of file access | Legitimate interests (Art. 6(1)(f)) — security and accountability |
| Sending transactional emails (OTP codes, download notifications) | Performance of a contract (Art. 6(1)(b)) |
| Processing payments for paid subscriptions | Performance of a contract (Art. 6(1)(b)) |
| Preventing fraud, abuse, and ensuring platform security | Legitimate interests (Art. 6(1)(f)) |
| Complying with legal obligations (e.g. tax records, law enforcement requests) | Legal obligation (Art. 6(1)(c)) |
4. Who we share your data with
We do not sell, rent, or trade your personal data with any third party. We share data only with the following categories of processors, all of whom are bound by data processing agreements:
- Azure Key Vault (Microsoft) — hardware security module for encryption key management. Microsoft does not have access to your files or file metadata.
- Email delivery provider — for sending transactional emails such as one-time verification codes and notifications.
- Payment processor — for handling subscription payments. We do not receive or store full payment card details.
We may also disclose personal data if required to do so by law or in response to a valid legal request from a public authority.
5. Where your data is stored
All files and associated metadata are stored on a dedicated bare-metal server located in Finland, within the European Union. The server is not shared with any other organisation. There is no multi-tenancy, no shared hypervisor, and no shared storage.
Account and audit data is also stored on EU infrastructure. We do not transfer your data outside the UK or EEA unless explicitly required by you (for example, if you send a file to a recipient located outside the EEA).
6. How long we keep your data
- Transferred files: Deleted permanently when the package expiry date passes. You set the expiry period (from one day to three months).
- Audit logs: Retained for 12 months after the associated package expires, then permanently deleted.
- Account data: Retained for as long as your account is active. If you close your account, personal data is deleted within 30 days, except where we are legally required to retain it (e.g. billing records for tax purposes).
- Recipient email addresses: Retained only in the audit log. Not used for marketing or any other purpose.
7. Your rights
Under the UK GDPR, you have the following rights in relation to your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your data (subject to legal retention requirements).
- Restriction — request that we limit how we process your data.
- Portability — request your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
To exercise any of these rights, contact us at privacy@iolisarc.com. We will respond within one month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been breached.
8. Cookies
Prosochi uses only strictly necessary cookies to operate the service. These include:
- Session cookie — maintains your authenticated session. Expires after 30 minutes of inactivity (or 7 days if you select "remember me"). Marked
SecureandHttpOnly. - CSRF token — prevents cross-site request forgery attacks.
We do not use analytics cookies, advertising cookies, or any third-party tracking. No cookie consent banner is required because we only use strictly necessary cookies.
9. Security
We take the security of your data extremely seriously. For full details of our security architecture, see our Security Overview. Key measures include:
- AES-256-GCM encryption of all files at rest
- HSM-backed key management via Azure Key Vault
- Argon2id password hashing
- HTTPS everywhere with HSTS enforcement
- Cryptographically signed, tamper-evident session tokens
- Dedicated, non-shared EU infrastructure
10. Children
Prosochi is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete that data promptly.
11. Changes to this policy
We may update this policy from time to time. If we make significant changes, we will notify account holders by email. The "last updated" date at the top of this page indicates when the policy was most recently revised.
12. Contact
If you have any questions about this privacy policy or our data practices, please contact:
IOLIS Ltd
C5 Business Centre C5 North Road
Bridgend Industrial Estate
Bridgend, Wales, CF31 3TP
info@iolisarc.com