Privacy Policy

Introduction

SHENIT AGENCY SLU ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how information is collected, used, and shared when you visit or use FileLocations (the "Site"). It also outlines your rights regarding your personal data and how you can exercise those rights. We have crafted this policy to comply with applicable data protection laws in Andorra (which are closely aligned with the EU General Data Protection Regulation - GDPR) and other relevant jurisdictions. By using our Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described here, please refrain from using the Site.

Data Controller and Contact Information

For the purpose of data protection laws, SHENIT AGENCY SLU is the "data controller" of your personal data collected via FileLocations. This means we determine how and why personal data is processed. If you have questions about this Privacy Policy or wish to exercise your privacy rights, you can contact us at:

  • Business Name: SHENIT AGENCY SLU

  • Email: [email protected]

  • Address: Urb. Prada de Sansa, Xalet 5, AD400

We may not have a legal obligation to appoint a Data Protection Officer given the nature of our operations, but we take privacy seriously. You can reach out to us through the contact information above for any privacy-related inquiries.

Information We Collect

We collect personal and usage information in the following ways:

1. Information You Provide Voluntarily:
Currently, our Site does not require account registration or direct submission of personal information to browse the informational content. However, if you choose to contact us (e.g., via email or a contact form), we will collect whatever information you provide (such as your name, email address, and the content of your message). We will use this information solely to respond to your inquiry or provide the requested service.

2. Information Collected Automatically:
When you visit FileLocations, certain data is collected automatically about your device and how you interact with the Site. This may include:

  • Technical Data: IP address, browser type and version, device type, operating system, language preferences, and network provider. We use services like Cloudflare to secure our site, which means Cloudflare may process your IP address and set a security cookie (e.g., __cf_bm) to distinguish legitimate users from bots. This is essential for protecting the Site from malicious traffic and is considered strictly necessary for our service.

  • Usage Data: Details of your visits such as the pages or content you view, the time spent on each page, the links you click (including outbound links to app stores), and the page that referred you to our Site. We utilize analytics tools (Google Analytics and Microsoft Clarity) to gather this information. Google Analytics provides aggregated statistics on site usage (e.g., page views, traffic sources), while Microsoft Clarity helps us understand user behavior through features like heatmaps and session replays (which record interactions such as clicks and scrolls). These analytics tools use cookies and similar technologies to collect data about your interactions with the Site.

  • Advertising and Conversion Data: Since much of our traffic is driven by advertising campaigns (e.g., Microsoft Ads, Google Ads, Yahoo Japan Ads), we implement tracking mechanisms to measure the effectiveness of these campaigns. For example, if you clicked on one of our ads, a unique identifier may be passed in the URL (such as a “gclid” for Google Ads or “yclid” for Yahoo Japan Ads). Our Site, via scripts in Google Tag Manager, may then store these identifiers in cookies (_gcl_* for Google, uet* for Microsoft Bing Ads, and ycl_yjad for Yahoo Japan) to track when ad clicks result in desired actions (like visiting certain pages or clicking through to an app store). This helps us understand and improve our advertising efforts.

  • Cookies and Similar Technologies: We and our third-party partners use cookies, pixels, and local storage to collect and store information. Cookies are small text files placed on your device. Some cookies are strictly necessary for the Site to function (e.g., to remember your privacy preferences or to enable Cloudflare’s security features), while others are used only with your consent (analytics and advertising cookies). For detailed information on the cookies we use and your choices regarding cookies, please see our Cookie Policy.

3. Information from Third Parties:
We do not purchase or obtain personal data from data brokers or other external sources. However, third-party services integrated into our Site may provide us with certain aggregated information. For instance, Google Analytics and Microsoft Clarity will generate reports for us based on the data collected about your usage of our Site. These reports do not identify you by name but give us insight into overall user behavior (such as how many users visit daily, which countries they come from, etc.). Additionally, our ad partner platforms (Google, Microsoft, Yahoo) might inform us of aggregated conversion metrics (like how many users clicked an ad and then visited our Site). We treat this information in line with this Privacy Policy, and it is generally not identifiable to any individual.

How We Use Your Information

We use the collected information for various purposes consistent with the principles of data protection law (such as fairness, transparency, and necessity). The purposes for which we process personal data include:

  • Providing and Operating the Site: We process technical and usage data to present the Site to you and ensure it functions correctly on your device. For example, your IP address is used to send the correct content to your browser, and cookies like Cloudflare’s __cf_bm help us distinguish legitimate traffic from bots to keep the Site secure and performant.

  • Improving User Experience and Site Functionality: We analyze usage data (through Google Analytics, Microsoft Clarity, and similar tools) to understand how users interact with our content. This helps us identify popular sections, troubleshoot issues (e.g., if users are encountering errors on certain pages), and optimize our layout and content to better serve our audience. Microsoft Clarity, in particular, provides insights like heatmaps and session replays, which we use to gauge which parts of a page are engaging or if there are any confusing elements in the site design. All data used for analytics is aggregated and is used for statistical purposes, not to profile individual visitors without consent.

  • Advertising and Monetization: We use advertising cookies and tracking pixels to deliver and measure advertisements. Google AdSense (our ad partner) may use cookies to show you relevant ads on our Site. These cookies track factors such as whether you have seen an ad before or whether you clicked on an ad. With your consent (where required by law), Google may personalize the ads you see based on your interests or past browsing (using identifiers like the DoubleClick cookie IDE). If you opt out of personalized ads, you will still see advertising, but it will be non-personalized (contextual) and based only on general factors like the content of the page. We also use conversion tracking for our own advertising campaigns: for example, Microsoft Advertising’s UET cookie (_uetvid) helps us track when users visit after clicking a Bing ad, and Yahoo’s tracking cookie (_ycl_yjad) records when a user who clicked a Yahoo Japan advertisement performs certain actions on our Site. This information helps us assess the effectiveness of our advertising and budget.

  • Consent Management: We use a Consent Management Platform (Google’s Funding Choices CMP, CMP ID: 300) in compliance with the IAB Transparency & Consent Framework (TCF). This CMP presents users in applicable regions (e.g., EU/EEA) with a consent banner to manage their cookie and tracking preferences. When you make your privacy choices, the CMP may store a record of your consent (for example, in a consent cookie or local storage) so that your preferences are honored on subsequent page loads and visits. We process this data to ensure we respect your choices—for instance, not loading analytics or ad cookies unless you’ve consented. Managing user consent is itself a processing purpose: to comply with legal obligations regarding user consent and preferences.

  • Communications and Support: If you contact us with a question, feedback, or a request (such as a DMCA/copyright issue or a privacy inquiry), we will use the contact information and details you provided to respond and resolve your issue. We may keep a record of such communications for internal administrative purposes and to improve our customer service.

  • Legal Compliance and Protection: We may process personal data when necessary to comply with legal obligations or regulatory requirements (for example, keeping certain records if required by law) or to protect our legal rights. This includes using data to detect, prevent, and address fraud, abuse, security incidents, and other harmful activities. For instance, if we detect a pattern of malicious activity (like repeated unauthorized scraping or attacks), we may log information about that activity and share it with security/authority entities as needed to prevent harm to our interests or others.

  • Site Analytics and Research: In addition to improving the site experience, we might use aggregated analytics data to research general usage trends or performance of our content. This does not involve identifying individual users, but rather looking at overall metrics (e.g., percentage of visitors using mobile devices, or the average time spent on the site) to make informed business decisions.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason compatible with the original purpose. If we need to use your data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

Legal Bases for Processing (GDPR Compliance)

Under GDPR (and equivalent laws in Andorra), we must have a valid “legal basis” to process your personal data. Depending on the specific data and context, we rely on one or more of the following legal bases:

  • Consent: For non-essential cookies and tracking technologies (such as analytics and advertising cookies), our legal basis is your consent. We obtain your consent via the cookie consent banner managed by our CMP when you first visit the Site (and periodically thereafter, as required). You have the right to withdraw consent at any time. For example, if you consent to analytics cookies but later change your mind, you can adjust your preferences via the Cookie Settings on our Site (through the CMP interface) or by clearing cookies in your browser. Withdrawal of consent will not affect the lawfulness of processing that occurred before you withdrew consent.

  • Legitimate Interests: We process certain data under the basis of legitimate interests, provided those are not overridden by your privacy rights. For example, it is in our legitimate interest to ensure the security of our Site (hence processing IP addresses and using Cloudflare to mitigate bots is justified by security interests), to understand how our Site is used (basic analytics in jurisdictions where consent is not strictly required for pseudonymous analytics, or after obtaining consent where required), and to run our business efficiently by promoting our services (using ad conversion tracking to optimize our advertising spend). When relying on legitimate interests, we carefully consider and balance any potential impact on you (both positive and negative) and your rights. We do not use legitimate interest as a basis for processing personal data in ways that are excessively intrusive.

  • Performance of a Contract: Although using our Site does not typically involve a formal contract, if you were to enter into any agreement with us (for example, if we offered user accounts or premium services in the future), we would process relevant personal data as needed to fulfill our obligations under that contract. Currently, this basis is less applicable because our Site primarily offers free informational content without requiring user accounts.

  • Legal Obligation: We may process personal data when necessary to comply with a legal obligation. For instance, if authorities lawfully require us to retain certain data or report certain activities, we will process and share data as needed to fulfill those obligations. Another example is compliance with tax or accounting rules if any financial transactions were involved (though currently, our revenue is primarily from advertising, not from user payments).

  • Protection of Vital Interests/Public Interest: These bases are unlikely to be relevant in our context. They would apply only in exceptional circumstances (such as processing data to protect someone’s life or for an important public interest). If such a scenario were to arise, we would only process personal data under these bases in strict accordance with the law.

Cookies and Tracking Technologies

Cookies and similar technologies play an important role in how we collect and use data, especially for analytics and advertising. For transparency, here’s a brief overview (our Cookie Policy provides more details and a comprehensive list of cookies):

  • Essential Cookies: These are necessary for the Site’s operation and cannot be turned off in our system. They include cookies like our consent preference cookie (to remember your choices) and Cloudflare’s security cookie. These cookies do not store personally identifiable information, and our use of them is based on our legitimate interest in providing a secure and functional site (or based on legal obligation to respect your privacy preferences).

  • Analytics Cookies: We use cookies set by Google Analytics (such as ga, gid) to collect information about how visitors use our Site. Google Analytics cookies collect pseudonymous data (e.g., a random user ID) to measure interactions. Microsoft Clarity also sets cookies (_clck, _clsk, etc.) to track sessions and user behavior on our site. We only deploy these cookies if you have given consent via the CMP (for users in jurisdictions where consent is required). The information obtained through these cookies is used in aggregate form.

  • Advertising Cookies: Google AdSense and our advertising partners may set cookies to help deliver ads that are more relevant to you and to avoid showing the same ads too frequently. Notable advertising cookies include the DoubleClick IDE cookie, which lasts about 13 months in EU/Andorra and is used to provide personalized advertising on non-Google sites, and the test_cookie, which is a short-lived cookie used to test if your browser accepts cookies. Microsoft Ads sets cookies like uetvid (to track visits across sessions, ~13 months) and uetsid (for a single session, usually 24 hours) when our Bing ads tracking is active. Yahoo Japan Ads may use a cookie such as yclyjad (lasting ~90 days) to store a unique click ID for conversion tracking. We require your consent for enabling advertising cookies where mandated by law.

  • Other Third-Party Technologies: Our Site might occasionally incorporate content from other sources (e.g., social media share buttons, though we currently don’t have those, or embedded videos/images). If and when that happens, those third parties may set their own cookies. For example, viewing a YouTube video embedded on a site can set YouTube cookies. This Privacy Policy covers our use and handling of data; for third-party cookies, please refer to the respective third parties’ privacy policies.

You have choices regarding cookies. When you first visit our Site, you will be presented with a consent banner allowing you to accept or reject non-essential cookies and tracking. You can adjust your preferences at any time by accessing the “Privacy settings” link or similar on our Site (usually available in the footer or via the CMP interface). Additionally, most web browsers let you control cookies through their settings (you can often refuse new cookies, delete existing ones, or set your browser to notify you before accepting cookies). Keep in mind that blocking all cookies may affect some features of our Site.

For more detailed information on cookies and how to manage them, see our Cookie Policy and the resources provided therein.

How We Share Your Information

We value your privacy, and we do not sell your personal data to third parties. However, we do share certain information with third parties in the following contexts:

  • Service Providers: We use third-party service providers to help run and maintain our Site. The main categories of service providers and what they do include:

  • Infrastructure and Security: We use Cloudflare for website security, performance optimization, and bot management. As a result, Cloudflare may process user IP addresses and behavioral data for threat detection (e.g., unusual request patterns). Cloudflare acts as a data processor for us, meaning they only use the data for our specified security purposes.

  • Analytics Providers: Google (Analytics) and Microsoft (Clarity) act as our analytics providers. They collect usage information via their scripts and cookies on our Site and provide us with analytics reports. These providers may act as independent data controllers for the data they collect for their own analytics purposes, but they are bound by their own privacy policies and, in Google’s case, by the data processing terms we have accepted which incorporate the EU’s Standard Contractual Clauses for data transfers.

  • Advertising Partners: We partner with Google AdSense to display ads. Google, as our advertising partner, will receive certain information such as your cookie identifiers or device info through the ads on our Site. Similarly, we have integrated tracking for Microsoft Advertising (Bing Ads) and Yahoo Japan Ads for the limited purpose of measuring ad conversion (when applicable). These partners might receive data when you interact with our Site (for instance, Microsoft receives data via the UET tag on our pages, and Yahoo via their conversion tag or our implemented cookie for them). These partners use the data for ad delivery, personalization, and performance measurement. They each have their privacy policies (e.g., Google’s Privacy Policy, Microsoft’s Privacy Statement, Yahoo Japan’s privacy guidelines) which describe how they handle data.

  • Consent Management Platform: Our Google CMP (Funding Choices) may store your consent preferences and needs to share some information with the ad vendors (like whether you gave consent for certain purposes). It operates under the IAB TCF, which means your consent choices are encoded and shared with participating vendors in the form of a Transparency and Consent String (TC String) via a cookie or API. This allows those vendors to know what they are permitted to do.

  • We ensure that all service providers we engage who process personal data on our behalf (i.e., processors) are subject to appropriate contractual obligations to safeguard personal data, including obligations of confidentiality and security.

  • Legal Requirements and Protection: We may disclose information about you if required to do so by law, regulation, or legal process (such as a court order or subpoena). We may also disclose data if we believe it’s necessary to investigate, prevent, or take action regarding suspected or actual illegal activities, fraud, or situations involving potential threats to the safety or legal rights of any person. For example, if we receive a legally binding request from law enforcement concerning an investigation, we might need to provide relevant logs or data we have.

  • Business Transfers: If SHENIT AGENCY SLU is involved in a merger, acquisition, sale of assets, or other business transaction, personal data held by us may be among the transferred assets. We would ensure the recipient of the data is bound by privacy obligations consistent with this policy. If such a transfer results in a material change in how your personal data is used, we would endeavor to notify you (for example, by posting a notice on our Site).

  • Aggregate or De-Identified Data: We may share statistics and insights in aggregate form with third parties (for instance, "X% of our users are from Europe" or "we see N thousand pageviews per month on our app review pages"). This information will not contain personal data and is used for industry analysis, marketing, or other business purposes.

Importantly, any third parties that set cookies or collect data directly via our Site (such as Google through ads or analytics scripts) are responsible for their own handling of the data they collect. We provide links to their relevant policies in our Cookie Policy and below in the Sources section, but they are not under our direct control beyond the agreements we have in place.

We do not share your contact information (like email) with third parties for their own marketing purposes. In the limited scenarios where you provide us contact details (like reaching out for support or DMCA issues), we use those only to communicate with you or as required to handle the specific situation.

International Data Transfers

SHENIT AGENCY SLU is based in Andorra, but the services we use operate globally. Whenever personal data is transferred out of Andorra or your country of residence, we ensure it is protected in accordance with applicable laws. Some examples of international data flows in our context include:

  • Data to the United States and Other Countries: Many of our third-party partners (Google, Microsoft, Cloudflare, etc.) are U.S.-based companies or have servers around the world. This means the data collected via our Site (IP addresses, cookie IDs, usage data, etc.) may be transmitted to and processed on servers located in the United States or other countries outside of Andorra or the European Economic Area (EEA).

  • Adequacy and Safeguards: Andorra has been recognized by the EU as providing an adequate level of data protection. However, when data is transferred from Andorra/EU to countries that do not have an adequacy decision (like the U.S.), we rely on appropriate safeguards. Typically, our service providers include Standard Contractual Clauses (SCCs) in our agreements with them, which are legal contracts approved by the European Commission to ensure personal data is protected when transferred internationally. For instance, our use of Google’s services is covered by Google’s adherence to SCCs and other measures, and similarly for Microsoft.

  • IAB TCF & Global Consent: Through our CMP, if you are in the EEA, your consent signal (the TC String) may be sent to ad tech vendors globally to inform them of your choices. Those vendors, if outside the EEA, are also contractually bound by the TCF policies to handle the data appropriately.

  • Cloudflare Data Locations: Cloudflare may route traffic through servers in various locations for performance and security. Cloudflare is also a participant in the EU-U.S. Data Privacy Framework as of 2025 or will otherwise use SCCs for EU data.

  • Your Acknowledgment: By using our Site or providing us information, you acknowledge that your data may be transferred to and processed in countries other than your own. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

If you would like more information about our international data transfer practices or the specific safeguards in place, you can contact us using the information provided in the "Contact Information" section of this Privacy Policy.

Data Retention

We retain personal data for only as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements.

Here are some general guidelines on our retention practices:

  • Analytics Data: Data collected via Google Analytics is stored by Google and retained for a period configured in our Google Analytics settings. We have set our Google Analytics data retention to 14 months for user-level and event-level data associated with cookies and other identifiers. This means that data older than 14 months is automatically deleted from Analytics reports (on a rolling basis). Note that this retention setting does not reset for new activity; it means any user identifier that hasn't had new events in 14 months will be removed. For Microsoft Clarity, we adhere to Microsoft’s default data retention (Clarity typically retains data for a relatively short period, such as 30 days for session recordings, unless extended). In any case, analytic data we access is aggregated, but underlying logs on third-party systems are deleted as per their policies and our configurations.

  • Server Logs: Our web server or security logs (including those by Cloudflare) which contain IP addresses and visit timestamps are generally retained for a short duration, typically 90 days or less, unless needed for investigation of security incidents. Cloudflare’s logs and threat data are usually kept around that timeframe as well. After this period, logs are either deleted or anonymized.

  • Advertising Data: Cookies set for advertising have their own expirations (e.g., the IDE cookie by Google expires after 13 months in the EEA, Microsoft’s uetvid after 13 months, Yahoo’s ycl_yjad after 90 days). We do not directly control those lifespans, but once expired, those cookies are no longer used to identify you. Data we receive from ad platforms about campaign performance is usually in aggregate form and retained indefinitely for analysis (without personal identifiers). If any personal data were included (unlikely, as we do not receive personal identifiers from ad conversions), we would treat it according to this policy and remove personal elements when no longer needed.

  • Communication Data: If you contact us via email or other means, we may retain your correspondence for as long as necessary to address your inquiry, resolve any issues, and maintain records of our communications. Typically, for general inquiries, we might retain emails for up to 24 months (in case you follow up or reference a past conversation). For specific requests like DMCA notices or legal matters, we may keep those records longer (since they might be needed to establish compliance or handle repeat issues), generally up to 6 years as part of business records (or longer if legal considerations demand it).

  • Consent Records: Our CMP will store a record of your consent choices (likely in a cookie or similar). We may also keep logs of consent transactions (e.g., a record that a particular user ID consented on a certain date) for compliance purposes. Consent records are typically kept as long as required by law (which can be several years). We aim to refresh consent at least every 12-13 months, as recommended by many regulators, so a new record would be created then. Old consent records may be deleted or archived according to regulatory guidance.

  • Database Records: Since we currently don’t have user accounts or user-generated content stored in a database, there’s minimal personal data in our site database. Any incidental data (like blog comments, if we allowed them, or feedback forms) would be retained until it’s no longer necessary. If in the future we add features that collect personal data, we will update this section with relevant retention periods.

Once the retention period for the above categories expires, we will delete or anonymize your data. For example, we may aggregate or anonymize data so it no longer can be associated with you, for statistical purposes.

In determining retention periods, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, and the purposes for which we process it. We also consider if we can achieve those purposes through other means without keeping the data. In some cases, we may also consider legal requirements (for instance, certain financial records might need to be kept for a number of years under law, though currently not directly applicable to our operations).

If you request deletion of your personal data (see the "Your Rights" section), we will endeavor to delete your data from our systems (and instruct our processors to do so) in a secure manner, unless retaining it is required or permitted by law.

Your Rights and Choices

You have various rights regarding your personal data under GDPR, Andorran law (LQPD), and other privacy regulations. We are committed to upholding these rights. These include:

  • Right to Access: You have the right to request confirmation as to whether or not we are processing personal data about you, and if so, to request a copy of the personal data we hold about you. This allows you to receive a copy of the personal information we maintain about you and to check that we are processing it lawfully.

  • Right to Rectification: If any of the personal data we have about you is incorrect or incomplete, you have the right to request correction or completion. For instance, if you contact us and later realize you provided the wrong email address, you can ask us to correct it in our records.

  • Right to Erasure ("Right to be Forgotten"): You have the right to request that we delete your personal data, under certain conditions. We will honor such requests to the extent required by law. Please note, since we generally process data that is pseudonymous (like cookie IDs) or aggregated, deletion may often be achieved by you clearing cookies or by our routine data expiration. However, if you believe we have personal data about you (say, from correspondence) and you want it erased, you can request so. We will also inform our processors (e.g., Google) of deletion requests when applicable in line with GDPR obligations.

  • Right to Restrict Processing: You can ask us to suspend processing of your personal data in certain scenarios, for example if you want us to verify its accuracy or our reasons for holding it, or if you have objected to our use of your data and we are considering your objection.

  • Right to Data Portability: For data you provided to us and that we process by automated means on the basis of consent or contract, you have the right to request that we provide it to you or directly transfer it to another controller, in a commonly used, machine-readable format. Given the nature of our Site, this is likely only relevant if you provided us something like a personal account info (which we currently do not have). It may not apply to most of our data (since browsing data is typically not something we can tie to an individual in a straightforward manner), but we will try to accommodate reasonable requests where applicable.

  • Right to Object: You have the right to object to our processing of your personal data in certain circumstances. For example, if we process your data on legitimate interest, you can object to that processing if you feel it impacts your rights. If you object to direct marketing uses of your data, we will stop such processing immediately. For other purposes, we will consider your objection and whether our legitimate grounds for processing override your rights and freedoms.

  • Right to Withdraw Consent: If we rely on consent for any processing, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing done prior to withdrawal. As noted earlier, you can manage your cookie consent through the provided interface on our Site. If you have consented to something like receiving email updates (not currently applicable because we don’t send marketing emails, but hypothetically), you could similarly opt out at any time.

  • Right not to be subject to Automated Decision-Making: We do not engage in any automated decision-making or profiling that produces legal or similarly significant effects on individuals. Should that change, you would have the right to object or request human intervention.

  • Right to Lodge a Complaint: If you believe we have infringed your data protection rights, you have the right to lodge a complaint with a supervisory authority. For Andorra, the supervisory authority is the Andorran Data Protection Agency (Agència Andorrana de Protecció de Dades, APDA). If you reside in the European Union, you may also contact the supervisory authority in your country. We would appreciate the chance to address your concerns directly before you approach a regulator, so we encourage you to contact us first if possible.

To exercise any of your rights, please contact us at [email protected] with a clear description of your request. We may need to verify your identity before fulfilling certain requests, to ensure that we do not disclose data to the wrong person or delete data at the request of someone who isn’t the data subject. For example, we might ask you to provide information that matches our records or use a verification email response.

We will respond to your request as soon as possible, and in any event within the time frame required by law (generally within 1 month for GDPR, extendable by another 2 months if the request is complex — we will inform you if an extension is needed). There is usually no fee for exercising your rights, but if requests become excessive or manifestly unfounded, we reserve the right to charge a reasonable fee or refuse to act on the request (as allowed by law).

Children’s Privacy

Our Site is not directed to children under the age of 13. We do not knowingly collect or solicit personal data from children under 13 years of age (or under the age of 16 in the European Economic Area, unless a lower age is provided by local law, as Andorra’s law might specify a similar age threshold for consent). In fact, given the nature of our content (app information and tech-related content) and the fact that we do not have user accounts, it is very unlikely we would receive personal data from any child directly.

If you are under 13, please do not use this Site or send any personal information about yourself to us (including your name, address, telephone number, or email address). If we learn that we have inadvertently collected personal data from a child under the relevant age without verifiable parental consent, we will delete that information promptly.

Parents or guardians who believe that we might have any information from or about a child under the age of consent can contact us at [email protected]. We will take appropriate steps to investigate and address the issue, including removing any data collected from the child.

Note: Some of the third-party services we use (like AdSense) have their own policies regarding children. For example, Google requires publishers to comply with laws like COPPA (Children’s Online Privacy Protection Act in the U.S.) when applicable. We have designed our site and our use of services such that we do not target children, and we indicate to ad services that our content is not made for children (which helps ensure contextual ads rather than personalized ads are shown if a child were to visit, per Google’s policies).

Data Security

We employ a variety of technical and organizational measures to protect your personal data from unauthorized access, use, alteration, or destruction. These measures include:

  • Encryption: Our Site uses HTTPS encryption (TLS/SSL) for all data transmission. This means that any data exchanged between your browser and our server is encrypted in transit, which helps prevent eavesdropping.

  • Security Services: We use Cloudflare’s enterprise-grade security, including Cloudflare Bot Management, to filter malicious traffic and prevent attacks such as DDoS or brute-force attempts. Cloudflare’s __cf_bm cookie and related technologies help identify and mitigate automated bots, adding a layer of protection to the Site.

  • Firewall and Monitoring: Our server (and/or Cloudflare’s proxy) is configured with firewall rules to block suspicious or disallowed traffic. We continuously monitor our Site for potential vulnerabilities or intrusions. Additionally, any attempt to access the backend or administrative areas of the Site is logged and monitored.

  • Access Controls: Personal data we store (for example, correspondence or logs) is restricted to authorized personnel who need to access it for the purposes described in this Policy. We ensure that our team members and contractors are bound by confidentiality obligations.

  • Regular Updates: We keep our website software, content management systems, and any relevant applications or plugins up to date to patch security vulnerabilities. Regular security assessments or scans are conducted to identify potential issues.

  • Anonymization/Pseudonymization: Where possible, we process data in an aggregated or pseudonymized form. For example, analytics data is analyzed at a statistical level, and advertising reports we view do not contain your personal identifiers. By minimizing use of directly identifiable data, we add an extra layer of protection to your privacy.

  • Data Minimization: We strive to only collect data that we actually need. By limiting the scope of data collected, we reduce the risk associated with excess data storage. For example, we do not collect sensitive personal data like financial information, health data, or social security numbers, etc., through our Site content.

  • Backup and Recovery: We maintain backups of critical data to ensure resilience. These backups are stored securely and with similar protections.

  • Breach Response Plan: Despite all precautions, no system is entirely foolproof. We have a procedure in place to deal with any suspected personal data breach. In the unlikely event of a data breach, we will notify you and/or the appropriate supervisory authority when required by law, and take all necessary steps to mitigate the breach.

Please understand that, while we take substantial steps to protect your data, no website or Internet transmission is completely secure. We cannot guarantee absolute security of your data transmitted to our Site; any transmission is at your own risk. However, once we receive your information, we employ strict procedures and security features to try to prevent unauthorized access.

If you have reason to believe that your interaction with our Site is no longer secure (for example, if you suspect that the security of your account or personal data has been compromised), please immediately notify us at [email protected].

Third-Party Links and Services

Our Site contains links to third-party websites (such as official app pages on Google Play or the App Store, or perhaps news sources, etc.). If you follow a link to any of these external sites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for those policies. We encourage you to review the privacy policies of any third-party sites or services before providing any information to them.

Additionally, some of the services integrated on our Site involve third parties that directly collect data from you, as discussed. For example:

  • If we display an embedded YouTube video on a page, YouTube (Google) might collect usage data through its embedded player, including setting cookies for tracking views or preventing abuse.

  • Our social media presence: If you engage with us on platforms like Twitter, Facebook, etc., those interactions are governed by the privacy terms of those platforms.

  • Advertisements on our Site are delivered by Google AdSense and possibly other partners. Those partners may collect or receive certain information from your browser (such as cookie identifiers, IP address) to provide ads, subject to your consent choices. Check our Cookie Policy or the ad settings on those platforms (e.g., Google’s Ad Settings) for more info on how to opt out or manage ad preferences.

  • Microsoft Clarity might allow Microsoft to collect some data regarding your usage for improving their services, as per Microsoft’s terms. They claim not to use the data for advertising, and Clarity masks certain sensitive information by default.

We want to be transparent that when you interact with those third-party services, such as by clicking a link to the Play Store or by viewing an ad, their privacy practices apply in those contexts. This Privacy Policy applies only to data collected through FileLocations and the services we control.

Compliance with Andorran and International Law

Andorra’s Data Protection Law: We adhere to Andorra’s Qualified Law 29/2021 on Personal Data Protection (LQPD) and its regulations. Andorra’s law is closely aligned with GDPR, ensuring that individuals’ rights and data are protected similarly to the EU standards. The Andorran Data Protection Agency (APDA) oversees and enforces these laws. We have taken measures recommended by APDA’s guidelines, especially regarding cookies (as described in our Cookie Policy), to ensure compliance from a local law perspective as well.

GDPR and Extraterritorial Reach: Although Andorra is not part of the EU, GDPR can apply to us if we target or monitor individuals in the EU. Our aim is to meet those requirements as well, which is why we have a robust consent mechanism and uphold data subject rights. We consider this Privacy Policy and our practices to be compliant with GDPR for EU users as well as with the Andorran law for local users.

California and Other Regions: While our primary audience is not necessarily California or other U.S. states, if the California Consumer Privacy Act (CCPA) or similar laws apply to certain interactions, we would extend similar rights (like access or deletion) to those users as well. We do not sell personal information as defined by CCPA. If you are a California resident and you have questions or requests under CCPA, you can contact us, and we will treat it consistently with our commitment to privacy. Similarly, residents of other regions (e.g., Brazil’s LGPD, Canada’s PIPEDA) can contact us and we will do our best to honor your local privacy rights in line with this Policy’s general approach.

Do Not Track Signals: Some browsers offer a "Do Not Track" (DNT) feature. Currently, there is no standard interpretation or practice for responding to DNT signals in a way that is consistent across the industry. As such, our Site does not respond differently to browsers with a DNT signal. Instead, we rely on our consent management for tracking. We encourage you to use the consent tools provided (cookie banners, etc.) to manage tracking preferences.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make significant changes, we will notify users by posting a prominent notice on our Site (for example, via a banner or modal) and/or by updating the effective date at the top of the policy. In some cases, if the changes are material and you have an ongoing relationship with us, we may also notify you via email.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of FileLocations after any changes to this Privacy Policy will signify your acceptance of those changes.

Contact Information

If you have any questions, comments, or requests regarding this Privacy Policy or our data practices, please contact us at:

We will gladly address your inquiries and work with you to resolve any concerns you might have about your privacy.

By using the Site, you acknowledge that you have read this Privacy Policy and agree to its terms. Thank you for trusting SHENIT AGENCY SLU with your information and for using FileLocations.

Last updated: 03/27/2026