Privacy Policy

Last updated: April 2026

1. What We Do

cleanthis.io is a document sanitization service. You can upload a file or provide a link, and we return a cleaned version with potentially harmful or sensitive content removed — macros, scripts, metadata, and hidden threats are stripped using Content Disarm & Reconstruction (CDR).

2. Your Files

  • Files are processed in isolated sandboxes and then automatically deleted within 15 minutes.
  • Deletion uses secure shredding (3-pass overwrite) — files are not just unlinked.
  • We do not keep copies, backups, or logs of file contents.
  • Your files are never shared with any third party.

3. Accounts

cleanthis.io offers an optional API with anonymous accounts. If you choose to create an account:

  • No email, no password, no personal information is collected — ever.
  • Your account is a random number (e.g. CT-XXXX-XXXX-...). It is shown once at creation and cannot be recovered afterwards, so save it somewhere safe.
  • Only a one-way hash (SHA-256) of the account number is stored. Because the number is random rather than a human-chosen password, there is no guessable input to brute-force: even if our database were compromised, the stored hashes cannot be turned back into account numbers.
  • API keys are also stored as one-way hashes — we never see or store the raw key after you copy it.

You can use the web interface without any account at all. Accounts are only needed for programmatic API access.
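
The following is an added illustration of the storage scheme described above, not code from cleanthis.io. The account-number layout (eight hex groups after "CT-", giving 128 bits of entropy), the API-key format, and the in-memory AccountStore are assumptions; the page only states that a SHA-256 hash of the number and of each API key is kept. The point it demonstrates is why an unsalted hash is acceptable here: it only protects secrets with enough entropy, so the store refuses numbers that fall below that threshold.

```python
import hashlib
import secrets

# The page shows only "CT-XXXX-XXXX-..."; the group count and alphabet below are
# assumptions chosen so that the random part carries 128 bits of entropy.
ACCOUNT_PREFIX = "CT"
ACCOUNT_GROUPS = 8           # 8 groups x 4 hex chars x 4 bits = 128 bits
MIN_ENTROPY_BITS = 128       # a plain, unsalted hash only protects secrets this strong


def generate_account_number(groups: int = ACCOUNT_GROUPS) -> str:
    """Fresh account number from the OS CSPRNG, e.g. CT-3F9A-...."""
    body = [secrets.token_hex(2).upper() for _ in range(groups)]  # 2 bytes -> 4 hex chars
    return "-".join([ACCOUNT_PREFIX] + body)


def generate_api_key() -> str:
    """32 random bytes, URL-safe base64: 256 bits of entropy (assumed format)."""
    return secrets.token_urlsafe(32)


def entropy_bits(account_number: str) -> int:
    """Entropy of the random part, treating each hex character as 4 uniform bits."""
    return 4 * sum(len(group) for group in account_number.split("-")[1:])


def strong_enough(account_number: str) -> bool:
    """An unsalted SHA-256 is only a one-way function in practice if the input
    cannot be enumerated; a short number would be brute-forceable from its hash."""
    return entropy_bits(account_number) >= MIN_ENTROPY_BITS


def digest(secret: str) -> str:
    """All the database ever keeps: a one-way SHA-256 of the secret, hex-encoded."""
    return hashlib.sha256(secret.encode("ascii")).hexdigest()


class AccountStore:
    """In-memory stand-in for the database: hashes go in, raw secrets never do."""

    def __init__(self):
        self.accounts = {}   # sha256(account number) -> list of usage records
        self.api_keys = {}   # sha256(api key) -> sha256(account number)

    def create_account(self) -> str:
        number = generate_account_number()
        if not strong_enough(number):
            raise ValueError("random part too short for an unsalted hash to be safe")
        self.accounts[digest(number)] = []
        return number        # shown to the user once; not retained anywhere

    def issue_api_key(self, account_number: str) -> str:
        key = generate_api_key()
        self.api_keys[digest(key)] = digest(account_number)
        return key           # raw key handed back once; only its hash is kept

    def authenticate(self, presented_key: str):
        """Hash the presented key and look it up; the raw key is never compared."""
        return self.api_keys.get(digest(presented_key))


if __name__ == "__main__":
    store = AccountStore()
    number = store.create_account()
    key = store.issue_api_key(number)
    print(number, entropy_bits(number), "bits")
    print("valid key ->", store.authenticate(key) == digest(number))
    print("bad key   ->", store.authenticate(key + "x"))
```

Lookup is by hash, so the server never needs the raw key after the user copies it; a leaked table of hashes is useless without reversing SHA-256 on a 128- or 256-bit input.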

4. Cookies & Sessions

  • The web sanitization tool uses no cookies and no tracking.
  • If you log into the API dashboard, a single session cookie is set to keep you logged in. It is marked HttpOnly, Secure and SameSite=Strict: scripts on the page cannot read it, it is only ever sent over HTTPS, and the browser does not attach it to requests that originate from another site.
  • A theme preference (localStorage) remembers your light/dark mode choice. This stays on your device and is never sent to our server.

5. Data We Collect

We do not collect personal data. Specifically:

  • No analytics, tracking pixels, or third-party scripts.
  • No fingerprinting or advertising identifiers.
  • IP addresses are used only for rate limiting and are not logged or stored.

If you use the API, we record usage metadata (timestamp, file type, file size, endpoint called) tied to your anonymous account — this powers the usage dashboard and future quota enforcement. No file contents, filenames, or personal data are included in usage records.

6. Webpage Scanner (beta)

The Webpage Scanner checks whether a link is safe to visit. It is separate from file sanitization, and it involves a different kind of data handling:

  • The web address you submit is checked against third-party reputation and threat-intelligence services, including Google Safe Browsing, VirusTotal, abuse.ch (URLhaus / ThreatFox), Spamhaus, and AlienVault OTX. Only the address is shared with them, never anything about you. Keep in mind that the address itself may carry identifying details, for example an e-mail address or a sign-in token in its query string; anything that is part of the address is necessarily sent along with it.
  • For the deeper scan levels, the page is loaded from our servers — never from your device — so the site you're checking never sees your IP address or browser.
  • A deep scan opens the page in a locked-down, throwaway browser and captures a screenshot; that screenshot is securely erased within 15 minutes.
  • A scan verdict may be cached for up to 24 hours to speed up repeat checks of the same link. We do not keep the page's content, and we do not build a history of what you've scanned.
  • As everywhere else on the site, your IP address is used only for rate limiting and is not logged or stored.

7. Output Files

Cleaned files are stripped of metadata such as author information, GPS coordinates, camera details, and timestamps — helping you avoid unintentionally sharing personal details.

8. Security

  • All file processing runs inside firejail sandboxes with no network access and restricted filesystem visibility.
  • Virus scanning is performed by ClamAV before any processing begins.
  • All connections use HTTPS with HSTS headers.
  • Download links are cryptographically signed and expire automatically (5 minutes for web, 15 minutes for API).
  • Webhook deliveries are signed with HMAC-SHA256 so you can verify authenticity.
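
An added example of the two signing mechanisms listed above, written for this page and not taken from cleanthis.io: an expiring HMAC-SHA256 download token with the 5-minute and 15-minute lifetimes the policy states, and verification of a webhook delivery. The key material, the header name X-Cleanthis-Signature, the "sha256=" prefix, the example.com URL and the JSON body are all placeholders; the real wire format is not published here.

```python
import hashlib
import hmac
import json
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder keys and names; everything below is an assumed wire format.
DOWNLOAD_KEY = b"download-signing-key-example"
WEBHOOK_SECRET = b"webhook-secret-example"
SIGNATURE_HEADER = "x-cleanthis-signature"   # assumed header, matched case-insensitively
WEB_TTL = 300    # 5 minutes for links issued by the web interface
API_TTL = 900    # 15 minutes for links issued by the API


def _mac(key: bytes, message: bytes) -> str:
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def sign_download_url(file_id: str, ttl: int, now: Optional[int] = None) -> str:
    """Bind the file id and an absolute expiry into one MAC; changing either breaks it."""
    expires = (now if now is not None else int(time.time())) + ttl
    signature = _mac(DOWNLOAD_KEY, f"{file_id}|{expires}".encode())
    query = urlencode({"id": file_id, "exp": expires, "sig": signature})
    return f"https://example.com/download?{query}"   # placeholder host


def verify_download_url(url: str, now: Optional[int] = None) -> bool:
    """Reject missing fields, expired links, and any mismatch, all before serving."""
    query = parse_qs(urlparse(url).query)
    try:
        file_id, expires, sig = query["id"][0], int(query["exp"][0]), query["sig"][0]
    except (KeyError, ValueError):
        return False
    if (now if now is not None else int(time.time())) > expires:
        return False                       # an intact signature does not revive an expired link
    expected = _mac(DOWNLOAD_KEY, f"{file_id}|{expires}".encode())
    return hmac.compare_digest(expected, sig)   # constant-time, no early exit on first bad byte


def sign_webhook(body: bytes) -> dict:
    """What the sender attaches: a MAC over the exact bytes it puts on the wire."""
    return {"Content-Type": "application/json",
            "X-Cleanthis-Signature": "sha256=" + _mac(WEBHOOK_SECRET, body)}


def verify_webhook(body: bytes, headers: dict) -> bool:
    """Recompute over the raw body as received, never over re-serialised JSON,
    because json.dumps may reorder keys or change whitespace and so the MAC."""
    lowered = {name.lower(): value for name, value in headers.items()}
    presented = lowered.get(SIGNATURE_HEADER, "")
    if not presented.startswith("sha256="):
        return False
    return hmac.compare_digest("sha256=" + _mac(WEBHOOK_SECRET, body), presented)


def handle_webhook(body: bytes, headers: dict):
    """Only parse the payload once the signature is known to be good."""
    if not verify_webhook(body, headers):
        return None
    return json.loads(body)


if __name__ == "__main__":
    link = sign_download_url("sample-file", WEB_TTL, now=1000)
    print(link)
    print("fresh  ->", verify_download_url(link, now=1000 + WEB_TTL))
    print("stale  ->", verify_download_url(link, now=1000 + WEB_TTL + 1))
    body = b'{"status":"done"}'          # constructed sample payload
    headers = sign_webhook(body)
    print("webhook ->", handle_webhook(body, headers))
    print("tampered ->", handle_webhook(b'{"status":"failed"}', headers))
```

On the receiving side, read the request body as bytes before any framework parses it; verify first, then decode. The comparison uses hmac.compare_digest rather than == so that a wrong guess takes the same time regardless of how many leading characters happen to match.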

9. Your Rights

Because we do not store personal data and files are automatically shredded, there is nothing retained to request access to or removal of. The only data kept for longer is the usage metadata tied to an anonymous API account (see section 5). You can delete that account at any time, which immediately removes all associated API keys and usage records.

10. Contact

If you have any questions about this privacy policy, please get in touch through our project page.