Effective date: 13 July 2026 · Last updated: 14 July 2026

Privacy Policy

This Privacy Policy explains how Default File ("Default File," "we," "us," or "our") handles information in connection with Default File at defaultfile.com. It is intended to support transparency for users in India and worldwide, including under India's Digital Personal Data Protection framework, and common expectations under regimes such as the GDPR and CCPA/CPRA where they apply.

Operator: Default File · Domain: defaultfile.com

1. Scope and relationship to other notices

This Privacy Policy applies to the website at https://defaultfile.com, the Default File platform, and related services we operate (the "Service"). It should be read together with our Terms of Service, Cookies and Local Storage Notice, and Grievance Redressal Policy.

This Policy does not apply to third-party websites, services, or applications that we do not control, even if they are linked from the Service.

Where a conflict exists between this Policy and a mandatory local law that cannot be waived, that local law prevails to the extent of the conflict for users protected by it.

2. Who we are and roles under data protection law

The operator of the Service is Default File. For privacy inquiries, contact privacy@defaultfile.com. For general legal inquiries, contact legal@defaultfile.com. For grievances, contact grievance@defaultfile.com (see our Grievance Redressal Policy).

For purposes of India's Digital Personal Data Protection Act, 2023 ("DPDP Act") and related rules, where we determine the purpose and means of processing digital personal data, we act as a Data Fiduciary, and you are a Data Principal with respect to your personal data.

For purposes of the EU/UK General Data Protection Regulation ("GDPR") where it applies, we act as a controller for personal data we determine how and why to process. For purposes of California privacy law where it applies, we act as a "business" with respect to personal information we collect.

3. Current data posture

At present, the Service is designed primarily as a client-side design utility. We do not currently require user registration, and we do not currently operate server-side file upload storage for user design assets as a core product feature.

Depending on your browser and network path, certain technical information may still be processed by hosting providers, content delivery networks, or font providers as part of delivering the Service. Those providers process data under their own terms and infrastructure practices.

We do not currently operate advertising trackers or sell personal information. If that changes, we will update this Policy and, where required, obtain consent or provide opt-out mechanisms before non-essential tracking begins.

4. Categories of information we may process

Depending on how you use the Service and how it evolves, we may process the following categories of information:

Local preference data. The Service may store preferences in your browser (for example, a preference to display simplified explanations). This data typically remains on your device unless you clear site data.

URL and share-state data. Certain tools encode configuration parameters in the page URL so that designs can be shared by link. Anyone with the link may be able to view the encoded configuration. Do not place secrets or personal data in shareable URLs.

Technical and log data. Our hosting or network providers may automatically receive standard request metadata such as IP address, user agent, timestamps, requested URLs, referrer information, and approximate location derived from IP address, for security, reliability, diagnostics, and abuse prevention.

Communications. If you email us, we process the content of your message and associated contact details to respond to your inquiry and maintain records of the correspondence.

Account and billing data (future). If we introduce accounts or Paid Plans, we may collect account credentials or identifiers, profile details you provide, subscription status, invoices, and payment-related information. Payment card data, if any, would typically be processed by a third-party payment processor and not stored in full by us.

We do not intentionally collect sensitive personal data (such as financial account passwords, biometric templates for authentication, health data, or government identity numbers) as part of ordinary use of the current Service. Please do not submit such data to us unless we expressly request it for a stated purpose.

5. Purposes of processing

We process information to: (a) provide, operate, maintain, and improve the Service; (b) secure the Service and prevent fraud, abuse, and security incidents; (c) communicate with you regarding support, grievances, or legal notices; (d) comply with legal obligations; (e) establish, exercise, or defend legal claims; and (f) if Paid Plans are introduced, process subscriptions, invoices, taxes, and related customer administration.

We process personal data only for purposes that are clear, specific, and reasonably connected to the Service you use, unless a new purpose is authorized by law or by your consent where required.

7. Cookies, local storage, and similar technologies

Details regarding cookies, local storage, and similar technologies are set out in our Cookies and Local Storage Notice at https://defaultfile.com/legal/cookies.

Currently, the Service primarily uses essential or functional local storage and may rely on hosting or font providers that process technical request data. We do not currently deploy advertising cookies. If we introduce non-essential analytics or marketing technologies, we will update that Notice and implement consent or opt-out controls as required.

8. Sharing of information

We may share information with: (a) service providers who assist in hosting, content delivery, analytics (if enabled), email, security, customer support, or payment processing, under contractual confidentiality and use restrictions appropriate to the service; (b) professional advisors such as lawyers, auditors, or accountants where necessary; (c) authorities, courts, or regulators when required by law or to protect rights, safety, and security; and (d) a successor entity in connection with a merger, acquisition, financing, reorganization, or sale of assets.

We may disclose aggregated or de-identified information that does not reasonably identify you.

We do not sell personal information and do not presently "share" personal information for cross-context behavioral advertising as those terms are used under California law. If that changes, we will update this Policy and provide required opt-out mechanisms.

9. International transfers and global availability

The Service is intended to be available to users in India and in other countries. The Service may be hosted or supported using infrastructure located in multiple jurisdictions. If you access the Service from outside the country where our processors operate, your information may be transferred across borders.

Where required by applicable law, we will take steps designed to ensure an adequate level of protection for personal data, which may include contractual safeguards with processors, reliance on permitted transfer mechanisms, or limiting transfers as directed by competent authorities.

By using the Service, you understand that processing may occur in countries that may have data-protection standards different from those in your country of residence.

10. Retention

Local preference data remains on your device until you clear it. Communication and grievance records are retained for as long as needed to resolve your inquiry and for legitimate business, security, or legal recordkeeping. Server logs are retained for periods determined by our hosting providers and our security needs.

If accounts or Paid Plans are introduced, account and billing records will be retained for the life of the account and thereafter as required for tax, accounting, dispute resolution, and legal compliance.

When personal data is no longer needed for the purposes stated in this Policy, we will delete it or de-identify it, except where retention is required or permitted by law.

11. Security and reasonable security practices

We implement reasonable technical and organizational measures designed to protect information processed in connection with the Service, consistent with industry practice and applicable requirements regarding reasonable security practices (including expectations under Indian information technology and data protection frameworks where they apply).

Measures may include access controls, encrypted transport (HTTPS), least-privilege operational practices, and vendor due diligence appropriate to our processing activities.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for securing devices and networks you use to access the Service.

12. Children's privacy

The Service is not directed to children under the age of 18 for purposes of India's DPDP Act, or under the age of 13 (or the higher age of digital consent in your jurisdiction) for other applicable laws. We do not knowingly process personal data of children for behavioral monitoring, tracking, or targeted advertising.

If you believe a child has provided personal information to us, contact us and we will take appropriate steps to delete it and cease related processing where required.

13. Rights of Data Principals in India

Subject to the DPDP Act and applicable rules, Data Principals in India may have rights including: (a) the right to access a summary of personal data being processed and processing activities; (b) the right to correction, completion, updating, and erasure of personal data; (c) the right to withdraw consent where processing is based on consent; (d) the right to grievance redressal; and (e) the right to nominate another individual to exercise rights in the event of death or incapacity, where provided by law.

To exercise these rights, contact privacy@defaultfile.com or our Grievance Officer at grievance@defaultfile.com. We may need to verify your identity before fulfilling a request. We will respond within timelines required by applicable law.

If you are not satisfied with our response, you may escalate as described in our Grievance Redressal Policy at https://defaultfile.com/legal/grievance, and you may have the right to approach the Data Protection Board of India or other competent authority once available and as permitted by law.

14. Rights under GDPR, UK GDPR, and similar laws

If the GDPR, UK GDPR, or a similar law applies to you, you may have rights to request access, rectification, erasure, restriction of processing, data portability, and to object to certain processing, as well as the right not to be subject to solely automated decision-making producing legal or similarly significant effects, where those rights apply.

You may also have the right to lodge a complaint with a supervisory authority in your country of residence or workplace. To exercise rights with us, contact privacy@defaultfile.com.

15. Notice for California residents (CCPA/CPRA and CalOPPA)

If you are a California resident and California privacy law applies, you may have rights to know the categories and specific pieces of personal information we collect, to delete personal information, to correct inaccurate personal information, and to opt out of sale or sharing of personal information, subject to statutory exceptions.

In the preceding twelve months, depending on your interactions, categories of personal information that may have been collected include identifiers and internet or network activity information (such as IP address and request logs via hosting providers), and any information you voluntarily send by email. We collect this information for the business purposes described in this Policy.

We do not sell personal information and do not presently share it for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes that require a right to limit under California law in connection with the current Service.

Consistent with California Online Privacy Protection Act (CalOPPA) expectations: you may visit the Service without creating an account; a Privacy Policy link is available from the site footer; material changes will be posted on this page; and you may contact us to update information you have provided by email.

To submit a request, contact privacy@defaultfile.com. We will not discriminate against you for exercising privacy rights.

16. Do Not Track signals

Some browsers offer a "Do Not Track" (DNT) setting. Because there is no uniform industry standard for responding to DNT signals, and because we do not presently operate advertising or cross-site tracking cookies on the Service, we do not alter Service behavior solely based on DNT signals at this time.

If we later introduce non-essential analytics or advertising technologies, we will update this Policy and our Cookies and Local Storage Notice to describe how we respond to DNT or comparable preference signals, and we will implement consent or opt-out controls as required by law.

17. Automated decision-making

The current Service does not make decisions that produce legal or similarly significant effects about you solely by automated means. Design generation features produce creative or educational outputs based on parameters you control and do not constitute profiling for employment, credit, or similar decisions.

19. Grievance redressal

Privacy and data-protection grievances may be submitted to grievance@defaultfile.com, addressed to Vignesh V. Further details, timelines, and escalation steps are set out in our Grievance Redressal Policy at https://defaultfile.com/legal/grievance.

20. Changes to this Policy

We may update this Privacy Policy from time to time. The "Last updated" date indicates the most recent revision. Material changes will be posted on this page and, where appropriate, accompanied by additional notice on the Service.

Where required by law, we will seek fresh consent or provide an opportunity to object before processing under a materially new purpose.

21. Governing law

Unless mandatory local law provides otherwise, this Privacy Policy is interpreted in accordance with the laws of India, consistent with our Terms of Service. Mandatory consumer and data-protection rights in your jurisdiction remain unaffected to the extent they cannot be waived.

22. Contact

Privacy contact: privacy@defaultfile.com.

Grievance contact: grievance@defaultfile.com.

Operator: Default File, a personal project by Vignesh V. Domain: defaultfile.com.