Your data, protected
Security & Privacy
Your files are your business. We built every layer of Compress.FAST to keep it that way.
Last updated: February 2026
Encryption
All connections to Compress.FAST use TLS 1.3 with perfect forward secrecy — your files are encrypted from the moment they leave your browser. On our servers, files are encrypted at rest using AES-256-GCM. Each file receives a unique encryption key derived via HKDF-SHA256 with a random salt, meaning that even if one key were compromised, no other file would be affected. During compression, files are decrypted only in memory for the duration of processing, then immediately re-encrypted. Decrypted data is never written to disk.
Data Isolation
Each compression job runs in complete isolation. Files are stored in per-job directories with unique identifiers, encrypted with per-file keys, and accessible only through authenticated download endpoints that verify ownership. No Compress.FAST team member can access your file contents — there are no admin endpoints for viewing or downloading user files, and encryption keys are managed programmatically without manual access.
Where Your Data Lives
All processing servers are physically located in the European Union on dedicated infrastructure we control. Your files are stored and processed exclusively within EU borders, ensuring GDPR compliance and protecting your content from foreign surveillance laws.
Your files stream straight from your browser to our servers in Germany, encrypted with TLS 1.3. There's no third-party in the middle—we control the entire path from upload to deletion.
No Permanent Storage
Compress.FAST intentionally does not provide permanent file storage. We are a file compression service, not a cloud storage provider. Your files exist on our servers only for the time needed to process them and for you to download the results. After 1 hour, all files — both input and output — are permanently and irreversibly deleted.
Automatic Deletion
All files are automatically deleted 1 hour after compression completes—regardless of plan tier. You can also delete files immediately after downloading. Once deleted, files are securely wiped and cannot be recovered.
What we retain (for billing and fraud prevention): job identifiers, compression type, file sizes, processing time, and credits consumed.
What we do NOT store:
- Filenames (only file extensions)
- File contents or thumbnails
- EXIF metadata extracted from images
- Raw IP addresses (we store only irreversible HMAC-SHA256 hashes for abuse prevention)
No Third-Party Processing
Unlike services that rely on cloud APIs, we process files entirely on infrastructure we own. We use a mix of open-source and commercial libraries with no external API dependencies. Your files are never sent to third-party services for processing.
Privacy by Default
Image metadata stripped by default. EXIF data including GPS coordinates, camera info, and timestamps are removed from compressed images to protect your privacy.
No AI training. Ever. We do not use your files to train, fine-tune, or improve any machine learning model — ours or anyone else's. Your content is processed solely for the compression you requested, then deleted.
No content analysis. We do not scan, fingerprint, index, or analyze your file contents for advertising, profiling, or any purpose other than compression. We have no interest in what your files contain.
No filename analysis. We don't log, analyze, or monetize your filenames. We have no interest in what you're compressing or why.
Your Rights (GDPR)
Under GDPR, you have the right to:
- Access your job metadata
- Delete your files immediately (manual delete button) or request account data deletion
- Export your job history
- Object to processing
To exercise your rights, email privacy@compress.fast. We respond within 30 days. See our full Privacy Policy for details.
Contact
- Security issues: security@compress.fast
- Privacy requests: privacy@compress.fast
- General support: support@compress.fast