Effective date: 13 July 2026 · Last updated: 14 July 2026
Privacy Policy
This Privacy Policy explains how Default File ("Default File," "we," "us," or "our") handles information in connection with Default File at defaultfile.com. It is intended to support transparency for users in India and worldwide, including under India's Digital Personal Data Protection framework, and common expectations under regimes such as the GDPR and CCPA/CPRA where they apply.
Operator: Default File · Domain: defaultfile.com
1. Scope and relationship to other notices
This Privacy Policy applies to the website at https://defaultfile.com, the Default File platform, and related services we operate (the "Service"). It should be read together with our Terms of Service, Cookies and Local Storage Notice, and Grievance Redressal Policy.
This Policy does not apply to third-party websites, services, or applications that we do not control, even if they are linked from the Service.
Where a conflict exists between this Policy and a mandatory local law that cannot be waived, that local law prevails to the extent of the conflict for users protected by it.
2. Who we are and roles under data protection law
The operator of the Service is Default File. For privacy inquiries, contact privacy@defaultfile.com. For general legal inquiries, contact legal@defaultfile.com. For grievances, contact grievance@defaultfile.com (see our Grievance Redressal Policy).
For purposes of India's Digital Personal Data Protection Act, 2023 ("DPDP Act") and related rules, where we determine the purpose and means of processing digital personal data, we act as a Data Fiduciary, and you are a Data Principal with respect to your personal data.
For purposes of the EU/UK General Data Protection Regulation ("GDPR") where it applies, we act as a controller for personal data we determine how and why to process. For purposes of California privacy law where it applies, we act as a "business" with respect to personal information we collect.
3. Current data posture
At present, the Service is designed primarily as a client-side design utility. We do not currently require user registration, and we do not currently operate server-side file upload storage for user design assets as a core product feature.
Depending on your browser and network path, certain technical information may still be processed by hosting providers, content delivery networks, or font providers as part of delivering the Service. Those providers process data under their own terms and infrastructure practices.
We do not currently operate advertising trackers or sell personal information. If that changes, we will update this Policy and, where required, obtain consent or provide opt-out mechanisms before non-essential tracking begins.
4. Categories of information we may process
Depending on how you use the Service and how it evolves, we may process the following categories of information:
Local preference data. The Service may store preferences in your browser (for example, a preference to display simplified explanations). This data typically remains on your device unless you clear site data.
URL and share-state data. Certain tools encode configuration parameters in the page URL so that designs can be shared by link. Anyone with the link may be able to view the encoded configuration. Do not place secrets or personal data in shareable URLs.
Technical and log data. Our hosting or network providers may automatically receive standard request metadata such as IP address, user agent, timestamps, requested URLs, referrer information, and approximate location derived from IP address, for security, reliability, diagnostics, and abuse prevention.
Communications. If you email us, we process the content of your message and associated contact details to respond to your inquiry and maintain records of the correspondence.
Account and billing data (future). If we introduce accounts or Paid Plans, we may collect account credentials or identifiers, profile details you provide, subscription status, invoices, and payment-related information. Payment card data, if any, would typically be processed by a third-party payment processor and not stored in full by us.
We do not intentionally collect sensitive personal data (such as financial account passwords, biometric templates for authentication, health data, or government identity numbers) as part of ordinary use of the current Service. Please do not submit such data to us unless we expressly request it for a stated purpose.
5. Purposes of processing
We process information to: (a) provide, operate, maintain, and improve the Service; (b) secure the Service and prevent fraud, abuse, and security incidents; (c) communicate with you regarding support, grievances, or legal notices; (d) comply with legal obligations; (e) establish, exercise, or defend legal claims; and (f) if Paid Plans are introduced, process subscriptions, invoices, taxes, and related customer administration.
We process personal data only for purposes that are clear, specific, and reasonably connected to the Service you use, unless a new purpose is authorized by law or by your consent where required.
6. Legal bases and consent (where applicable)
Where data-protection laws require a legal basis, we rely on one or more of the following as applicable: performance of a contract or steps prior to entering a contract; legitimate interests that are not overridden by your rights (such as securing and improving the Service and preventing abuse); consent (where we request it, including for non-essential cookies if introduced); and compliance with legal obligations.
Under the DPDP Act, where consent is the basis for processing, consent must be free, specific, informed, unconditional, and capable of being withdrawn. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal, and we may continue processing where another lawful ground applies (for example, legal compliance or security).
Where we rely on consent, we will provide a clear notice describing the personal data and purposes involved, and a means to withdraw consent that is no more difficult than giving consent, to the extent required by applicable law.
9. International transfers and global availability
The Service is intended to be available to users in India and in other countries. The Service may be hosted or supported using infrastructure located in multiple jurisdictions. If you access the Service from outside the country where our processors operate, your information may be transferred across borders.
Where required by applicable law, we will take steps designed to ensure an adequate level of protection for personal data, which may include contractual safeguards with processors, reliance on permitted transfer mechanisms, or limiting transfers as directed by competent authorities.
By using the Service, you understand that processing may occur in countries that may have data-protection standards different from those in your country of residence.
10. Retention
Local preference data remains on your device until you clear it. Communication and grievance records are retained for as long as needed to resolve your inquiry and for legitimate business, security, or legal recordkeeping. Server logs are retained for periods determined by our hosting providers and our security needs.
If accounts or Paid Plans are introduced, account and billing records will be retained for the life of the account and thereafter as required for tax, accounting, dispute resolution, and legal compliance.
When personal data is no longer needed for the purposes stated in this Policy, we will delete it or de-identify it, except where retention is required or permitted by law.
11. Security and reasonable security practices
We implement reasonable technical and organizational measures designed to protect information processed in connection with the Service, consistent with industry practice and applicable requirements regarding reasonable security practices (including expectations under Indian information technology and data protection frameworks where they apply).
Measures may include access controls, encrypted transport (HTTPS), least-privilege operational practices, and vendor due diligence appropriate to our processing activities.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for securing devices and networks you use to access the Service.
12. Children's privacy
The Service is not directed to children under the age of 18 for purposes of India's DPDP Act, or under the age of 13 (or the higher age of digital consent in your jurisdiction) for other applicable laws. We do not knowingly process personal data of children for behavioral monitoring, tracking, or targeted advertising.
If you believe a child has provided personal information to us, contact us and we will take appropriate steps to delete it and cease related processing where required.
13. Rights of Data Principals in India
Subject to the DPDP Act and applicable rules, Data Principals in India may have rights including: (a) the right to access a summary of personal data being processed and processing activities; (b) the right to correction, completion, updating, and erasure of personal data; (c) the right to withdraw consent where processing is based on consent; (d) the right to grievance redressal; and (e) the right to nominate another individual to exercise rights in the event of death or incapacity, where provided by law.
To exercise these rights, contact privacy@defaultfile.com or our Grievance Officer at grievance@defaultfile.com. We may need to verify your identity before fulfilling a request. We will respond within timelines required by applicable law.
If you are not satisfied with our response, you may escalate as described in our Grievance Redressal Policy at https://defaultfile.com/legal/grievance, and you may have the right to approach the Data Protection Board of India or other competent authority once available and as permitted by law.
14. Rights under GDPR, UK GDPR, and similar laws
If the GDPR, UK GDPR, or a similar law applies to you, you may have rights to request access, rectification, erasure, restriction of processing, data portability, and to object to certain processing, as well as the right not to be subject to solely automated decision-making producing legal or similarly significant effects, where those rights apply.
You may also have the right to lodge a complaint with a supervisory authority in your country of residence or workplace. To exercise rights with us, contact privacy@defaultfile.com.
15. Notice for California residents (CCPA/CPRA and CalOPPA)
If you are a California resident and California privacy law applies, you may have rights to know the categories and specific pieces of personal information we collect, to delete personal information, to correct inaccurate personal information, and to opt out of sale or sharing of personal information, subject to statutory exceptions.
In the preceding twelve months, depending on your interactions, categories of personal information that may have been collected include identifiers and internet or network activity information (such as IP address and request logs via hosting providers), and any information you voluntarily send by email. We collect this information for the business purposes described in this Policy.
We do not sell personal information and do not presently share it for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes that require a right to limit under California law in connection with the current Service.
Consistent with California Online Privacy Protection Act (CalOPPA) expectations: you may visit the Service without creating an account; a Privacy Policy link is available from the site footer; material changes will be posted on this page; and you may contact us to update information you have provided by email.
To submit a request, contact privacy@defaultfile.com. We will not discriminate against you for exercising privacy rights.
16. Do Not Track signals
Some browsers offer a "Do Not Track" (DNT) setting. Because there is no uniform industry standard for responding to DNT signals, and because we do not presently operate advertising or cross-site tracking cookies on the Service, we do not alter Service behavior solely based on DNT signals at this time.
If we later introduce non-essential analytics or advertising technologies, we will update this Policy and our Cookies and Local Storage Notice to describe how we respond to DNT or comparable preference signals, and we will implement consent or opt-out controls as required by law.
17. Automated decision-making
The current Service does not make decisions that produce legal or similarly significant effects about you solely by automated means. Design generation features produce creative or educational outputs based on parameters you control and do not constitute profiling for employment, credit, or similar decisions.
18. Free Service and future Paid Plans
The Service is currently free. If we introduce Paid Plans as described in our Terms of Service, we may process additional information necessary for billing, subscription management, fraud prevention, tax compliance, and customer support. We will update this Privacy Policy before or when such processing begins, as required.
19. Grievance redressal
Privacy and data-protection grievances may be submitted to grievance@defaultfile.com, addressed to Vignesh V. Further details, timelines, and escalation steps are set out in our Grievance Redressal Policy at https://defaultfile.com/legal/grievance.
20. Changes to this Policy
We may update this Privacy Policy from time to time. The "Last updated" date indicates the most recent revision. Material changes will be posted on this page and, where appropriate, accompanied by additional notice on the Service.
Where required by law, we will seek fresh consent or provide an opportunity to object before processing under a materially new purpose.
21. Governing law
Unless mandatory local law provides otherwise, this Privacy Policy is interpreted in accordance with the laws of India, consistent with our Terms of Service. Mandatory consumer and data-protection rights in your jurisdiction remain unaffected to the extent they cannot be waived.
22. Contact
Privacy contact: privacy@defaultfile.com.
Grievance contact: grievance@defaultfile.com.
Operator: Default File, a personal project by Vignesh V. Domain: defaultfile.com.