Effective date: May 23, 2026
TrustMFT ("we", "us", or "our") operates the TrustMFT managed file transfer platform. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to it. By using TrustMFT, you agree to the practices described below.
Account information. When you sign up, we collect your name, email address, company name, and a password (stored as a one-way hash — we never store your plaintext password).
File data. Files you upload through the web portal or SFTP are stored on your behalf. We do not access the contents of your files except as required to provide the service (e.g., malware scanning) or as required by law.
Audit and activity logs. We record all significant actions — logins, uploads, downloads, deletions, and administrative changes — along with the user, timestamp, IP address, and outcome. These logs are used for security, compliance, and troubleshooting purposes.
Technical data. We collect standard server logs including IP addresses, browser type, and pages accessed. We use Microsoft Azure Application Insights for performance monitoring and error tracking.
SFTP credentials. SFTP usernames and hashed passwords are stored separately from web portal credentials.
We do not sell your personal data to third parties. We do not use your data for advertising.
All data is hosted on Microsoft Azure infrastructure. Files are stored in Azure Blob Storage with server-side AES-256 encryption. Encryption keys are managed per tenant in Azure Key Vault. All web traffic is encrypted using TLS 1.2 or higher. SFTP connections use SSH encryption.
Access to your data is restricted by role-based access controls. Audit logs record all access to your files. We enforce account lockout after repeated failed login attempts and require email verification for new administrator accounts.
Your files and account data are retained for as long as your account is active or as needed to provide the service. Audit logs are retained for a minimum of 12 months. If you close your account or your subscription is terminated, your data will be deleted within 30 days unless we are required to retain it longer by law.
We use the following third-party providers to deliver the service:
These providers process data on our behalf under their own privacy and security standards. We do not share your data with any other third parties without your consent, except as required by law.
Your data is stored and processed within Microsoft Azure data centres. If you are located in the European Economic Area (EEA), your data may be transferred outside the EEA. Where this occurs, we ensure appropriate safeguards are in place in accordance with applicable data protection law.
Depending on your location, you may have the right to:
To exercise any of these rights, contact us at legal@trustmft.com. We will respond within 30 days.
TrustMFT uses a session authentication cookie to keep you logged in. This cookie is:
We do not use advertising cookies or third-party tracking cookies. Sessions expire after 25 minutes of inactivity.
TrustMFT is a business-to-business service and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice in the portal. Continued use of the service after changes take effect constitutes your acceptance of the updated policy.
If you have questions or concerns about this Privacy Policy, please contact us at legal@trustmft.com.