WebDisk Files — Service-Specific Terms
Version: 1.0 · Effective: 2026-06-09
These Service-Specific Terms (the "Files Terms") supplement the general WebDisk SaaS Terms with respect to the WebDisk Files service (the "Service"). Where these Files Terms are silent, the SaaS Terms apply. Where they conflict, the Files Terms prevail.
Provider: WebDisk ("We" / "WebDisk") — registered in Poland, full contact details in the footer of files.webdisk.io.
Customer: the organisation or individual whose admin opened an account in the Service (the "Customer" / "You").
1. Scope of service
1.1. WebDisk Files is a cloud file-storage, sharing and synchronisation service built on an S3-compatible object store (Ceph RADOS Gateway, "RGW").
1.2. The Service includes:
- a web panel for managing files and magazyny (S3 buckets),
- a desktop application (Windows, macOS, Linux) for bidirectional folder sync,
- direct S3 API access with per-user RGW subuser credentials,
- public share links,
- internal sharing between users of the same organisation,
- Server-Side Encryption with Customer-Provided Keys (SSE-C),
- file versioning,
- optional Anti-Ransomware protection (S3 Object Lock in Compliance mode) — see Section 4.
1.3. Plan-specific limits (TB quota, per-user GB, max upload size) and prices are visible in the Customer panel and on files.webdisk.io.
2. Account and roles
2.1. Organisation admin (ORG_ADMIN) manages the organisation: adds/removes users, changes the plan, decides on encryption, creates magazyny, accepts invoicing. The admin account is created when a subscription is purchased.
2.2. User (USER) uses an assigned magazyn within the permissions granted by the admin.
2.3. Customer is responsible for the confidentiality of admin and user credentials, for proper use of MFA (TOTP) where offered, and for managing permissions inside the organisation.
2.4. Customer does not share credentials with third parties. On suspected compromise — change the password immediately and notify us by email.
3. SSE-C encryption — disclaimer
3.1. The Customer may enable magazyn-level encryption (SSE-C, Server-Side Encryption with Customer-Provided Keys). The key is generated once, stored on the WebDisk side encrypted at rest (AES-256-GCM, master key in the configuration vault) and supplied to RGW on every read/write.
3.2. Loss of the key causes irrecoverable data loss. This includes:
- closing the admin account without first exporting data,
- loss of access to the WebDisk master key due to disaster — though redundant, not 100% excluded,
- intentional key revocation by the Customer.
3.3. The operator (WebDisk) cannot recover encrypted files after key loss. This is a deliberate security property, not a defect.
3.4. The Customer accepts this when enabling SSE-C in the panel and bears full responsibility for the consequences of key loss.
4. Anti-Ransomware (S3 Object Lock)
4.1. The Anti-Ransomware feature enables S3 Object Lock Compliance on the selected magazyn with a Customer-chosen retention period (90 days – 7 years).
4.2. The decision is one-time and irreversible:
- Anti-Ransomware cannot be disabled once enabled,
- the retention period cannot be shortened,
- every version of every object becomes locked at upload time for the chosen period, counted from each PUT date (sliding window).
4.3. Storage usage impact:
- every edit creates a new locked version — old versions stay locked until their own retentions expire,
- magazyn usage can grow substantially faster than in a regular magazyn,
- the Customer's subscription quota counts ALL versions including locked ones,
- after a retention lapses, an optional lifecycle policy can auto-reclaim space ("Auto-free" toggle at enable time).
4.4. Deletion impact:
- a locked file cannot be deleted via the Customer panel, API or desktop app; attempting it creates a delete marker (the file disappears from listings but locked versions remain),
- an Anti-Ransomware magazyn cannot be deleted while any locked versions exist,
- an Anti-Ransomware magazyn cannot be renamed.
4.5. Operator exception. WebDisk, as the infrastructure operator, technically can perform a low-level intervention (radosgw-admin) that removes data physically from RGW bypassing S3 Object Lock. We use this only:
- on a signed written request from the Customer via "Report a problem" in the panel or by email to support@webdisk.io,
- after positive Customer identity and authority verification,
- after internal review of the request by at least two authorised WebDisk staff,
- in cases of actual necessity (e.g. court order, mistaken enablement on test data within 24h of activation).
4.6. Compliance waiver. Performing the operation under §4.5 in a given organisation causes loss of the "compliance-grade immutability" claim across the previously-protected magazyn — the action is recorded in the organisation's audit log and communicated to the Customer in writing.
4.7. For regulated data (GDPR, SOC2, HIPAA, financial supervision, MAR) the Customer enables Anti-Ransomware at their own discretion. We recommend consulting a lawyer / DPO before enabling.
5. File sharing
5.1. Public links (Share). The Customer may create a short-lived link to a file or folder. Each link:
- has an expiry date (default 7 days, max 90 days),
- can optionally be password-protected,
- has a configurable download limit,
- can be revoked at any time by the Customer.
5.2. Internal sharing (Współdziel). The Customer may share a file or folder with a specific user in the same organisation. The recipient sees shared content under "Shared with me" in their panel.
5.3. Customer liability for shared content.
- The Customer bears full responsibility for content shared through the Service with third parties,
- The Customer does not share content that violates the law or third-party rights (see Section 7),
- WebDisk does not proactively monitor link content but reserves the right to block links violating the Terms upon notification or automated detection (e.g. malware signal).
6. Infrastructure and data resilience
6.1. Data location. All Customer data (files, metadata, internal backups) is stored on WebDisk infrastructure located within the European Union (Poland). Data is not copied outside EU/EEA.
6.2. Redundancy. The RGW cluster maintains 3× replication of every object at the Ceph layer. A single disk, OSD node or entire rack failure does not cause data loss.
6.3. Backups. We snapshot application metadata (MySQL) every 24h with 30-day retention. The object store itself is protected by Ceph replication; no separate "outside" backup is taken.
6.4. Customer-side backup recommendation. Despite our redundancy, we recommend the Customer maintain a separate backup of critical data outside the Service — per the 3-2-1 rule (3 copies, 2 media, 1 off-site). The desktop sync app can serve as one such medium.
6.5. Availability (SLA).
- Web panel and API availability target: 99.5% per month (max 3h 30min unavailability / month),
- RGW storage availability target: 99.9% per month (max 43min / month),
- Priority ticket response: < 4 business hours during 09:00–17:00 CET business days,
- Standard ticket response: < 24 business hours,
- On SLA breach the Customer is entitled to a credit proportional to the unavailability (max 50% of monthly fee), claimable within 30 days of the incident.
6.6. Maintenance windows. Announced maintenance is communicated by email with min. 72h notice to the organisation's contact address. Critical security updates may require shorter notice.
7. Acceptable Use Policy (AUP)
7.1. It is prohibited to use the Service to:
a) store, share or process child sexual abuse material (CSAM) — every instance is reported to local authorities (NASK/Police) without notifying the Customer;
b) infringe copyright or related rights — including distribution of illegally copied works, software, e-books, video, etc.;
c) distribute malware, ransomware, exploits, unauthorized-access tools;
d) phishing, fraud, spam, identity-theft attempts;
e) hate speech, terrorist content, incitement to violence;
f) doxxing — publishing personal data of third parties without lawful basis;
g) process specially-regulated data (HIPAA US medical data, PCI-DSS full payment-card numbers) without prior written arrangement with WebDisk for appropriate DPA and configuration.
7.2. Suspected-violation procedure.
- Upon detection of a violation (report, automated detection, court order) we may immediately block access to a specific file/link or the entire account,
- The Customer receives an email notice describing the violation and a response deadline (typically 7 days),
- For violations under §7.1.a the block is immediate and unannounced; the matter goes to authorities.
7.3. Authority requests. WebDisk honours lawful requests from Polish authorities (Prosecutor's Office, Police, ABW, KAS, courts). We notify the Customer of the request where law permits (we do not notify where a non-disclosure clause applies).
8. Termination, retention, right to be forgotten
8.1. Customer-initiated termination. The Customer may at any time:
- cancel the subscription in the org-admin panel → access is retained until the end of the paid period, after which the account enters scheduled deletion,
- close the organisation immediately via "Close organisation" in the org-admin panel (GDPR Art. 17) — without waiting for the period end,
- close a user account (USER role) via "Close account" in the profile (GDPR Art. 17).
8.2. 30-day grace period. After any of the options in §8.1 we retain the account for 30 days (grace window) during which the Customer can cancel the deletion by signing back in and clicking "Cancel deletion". After 30 days the data is physically removed (daily cron).
8.3. Anti-Ransomware magazyny on closure. Files in Anti-Ransomware magazyny are removed as each version's retention lapses. The Customer pays no further fees (subscription cancelled), but the physical removal happens progressively — process described in Section 4.
8.4. Pre-closure data export. The Customer may at any time request a full export of their data (GDPR Art. 15 & 20) via "Export my data" in the profile. The export contains:
- all Customer files (decrypted if SSE-C was on),
- a JSON with metadata (profile, magazyny, shares, subscription).
The download link is valid for 14 days. Limit: 1 export per 7 days per account.
8.5. Audit-log retention after closure. After the account is physically purged we retain:
- anonymised access audit log (timestamp, action, status code — no personal data) — for 12 months for security and authority-request purposes,
- accounting metadata for transactions (invoice numbers, amounts, VAT IDs) — for 5 years per Polish accounting law.
8.6. Termination by WebDisk. WebDisk may terminate the agreement:
- immediately for Section 7 (AUP) violations — preserving export rights for 14 days,
- with 30-day notice for payment arrears exceeding 60 days from the first unpaid invoice,
- with 90-day notice if withdrawing the entire Service from the market.
9. Subprocessors
WebDisk uses the following subprocessors to provide the Service:
| Subprocessor | Purpose | Location | Data status |
|---|---|---|---|
| Stripe Payments Europe Ltd. | Card payment processing | Ireland (EU), possible transfer to US under verification | DPF (Data Privacy Framework), SCC |
| SMTP operator (configured by Customer or default) | Transactional email delivery | EU (default) | DPA |
| Cloudflare Inc. (if enabled) | DDoS protection (not used by default) | Global | DPF |
The current list is published at files.webdisk.io/subprocessors. We notify changes by email with 30-day notice. The Customer may raise a reasoned objection.
10. Security incident reporting
10.1. Customer-side incidents: The Customer promptly notifies WebDisk of any security breach of their account (stolen password, compromised SSE-C key, suspicious logins) via support@webdisk.io or "Report a problem" in the panel.
10.2. WebDisk-side incidents: In case of a breach on our side we notify the supervisory authority (UODO) within 72h per GDPR Art. 33, and affected Customers without undue delay where there is a high risk (GDPR Art. 34).
11. Final provisions
11.1. Changes to the Files Terms. These Terms may be updated. The current version is shown at the top of the document. We notify material changes by email with 30-day notice and require re-acceptance by the Customer at first login after the change takes effect.
11.2. Precedence between language versions. In case of discrepancy between PL and EN, the PL version prevails.
11.3. Jurisdiction. Disputes are subject to Polish courts having jurisdiction over WebDisk's seat.
11.4. Contact. Questions regarding these Terms: legal@webdisk.io.
Document: webdisk-files / Service-Specific Terms · version 1.0 · effective 2026-06-09