⚖️ Privacy + Terms — unlockfile.app

Jurisdicción: Argentina + consideraciones internacionales (clientes globales). Diferenciador clave: "no upload" — los archivos del cliente NUNCA salen de su máquina. Solo el hash viaja. Versión: 1.0 · 2026-04-18.

📋 PRIVACY POLICY — unlockfile.app

Last updated: 2026-04-18

unlockfile.app ("we", "us") provides professional password recovery services. This policy explains what data we collect and how we handle it.

1. Controller

• Controller: Joshua Sánchez.
• CUIT: {{cuit}}.
• Registered address: {{domicilio}}, Buenos Aires, Argentina.
• Privacy contact: {{email_privacidad}}
• WhatsApp: {{whatsapp}}

2. What we collect

2.1 When you contact us (via WhatsApp, email, form)

• Name.
• Email address.
• Phone / WhatsApp.
• Description of the file and situation.
• Any hints you provide about the password.

2.2 When you become a client (after quote acceptance)

• File type and metadata (NOT the file itself).
• Password hash (extracted by YOU on your own machine via our helper script).
• Proof of ownership documents (receipts, screenshots, ID showing you created/own the file).
• Billing information (invoice data, payment receipt).

2.3 What we DO NOT collect

• The original file itself. Never uploaded. We only receive the hash.
• The recovered password (once delivered to you, it's erased from our systems — see retention).
• Sensitive personal data (health, religion, political opinion, etc.) — not needed for the service.

2.4 Analytics

• Self-hosted Umami (no third-party tracking).
• IP (anonymized), browser, referrer, pages visited.

3. How we use the data

• Assess if your case is technically viable.
• Execute GPU-based password recovery attacks on the hash.
• Deliver the recovered password securely.
• Bill and document the service.
• Support you during and after the case.
• Improve our methodology with aggregated, anonymized metrics (never your specific case).

4. Data flow — key point

Your machine:
  [File + password-protected] → [Our helper script]
     ↓
  Only hash extracted (file stays on your machine)
     ↓
Our GPU server:
  [Hash] → [Attack runs]
     ↓
  [Password recovered]
     ↓
You receive password via secure channel (Signal / PGP / one-time link)
     ↓
Hash + password + case data deleted from our systems within 30 days

At no point do we have access to your original file or its contents.

5. Retention

• Inquiry data (pre-case): 90 days unless you become a client.
• Active case data: duration of the case + 30 days.
• Hash: deleted within 7 days of case closure (success or decline).
• Recovered password: deleted immediately after you confirm receipt.
• Proof of ownership documents: kept for 5 years (legal defense requirement).
• Billing records: 7-10 years (Argentine fiscal requirement).

Secure deletion method

• shred -u -n 7 (7-pass overwrite) for sensitive files.
• Database records purged, not just marked deleted.

6. Sharing with third parties

We DO NOT share your data with third parties, except:

• Infrastructure providers (hosting, payment processors) under confidentiality agreements.
• Legal authorities ONLY with a valid, binding court order, after notifying you (unless prohibited from notifying by the order itself).

We never sell, rent, or share data for marketing or any other purpose.

7. International transfers

• Primary GPU infrastructure: {{ubicación_servidores}}.
• All transfers protected by SCCs or equivalent safeguards.
• Argentina is recognized as "adequate" for data protection.

8. Your rights

Under Argentine Law 25.326 and GDPR (for EU clients):

• Access: know what data we have about you.
• Rectification: correct inaccurate data.
• Deletion: ask us to delete your data (except what we must keep by law).
• Portability: receive your data in a structured format.
• Opposition: opt out of specific processing.

Exercise via email to {{email_privacidad}}. Response within 15 days.

9. Security

• TLS 1.3 for all communications.
• AES-256 encryption for all stored data.
• Isolated processing: each case runs in a separate encrypted volume.
• Access control: single operator (Joshua Sánchez), MFA everywhere.
• Incident response: breach notification within 72 hours.

10. Special policies

10.1 We only work with wallets/files YOU own

• We require Proof of Ownership before starting any work.
• We reject cases involving files of third parties (ex-partners, deceased without inheritance, etc.).
• If we suspect bad-faith, we decline without prejudice.

10.2 Confidentiality of recovered passwords

• The recovered password is yours alone.
• We don't use it to access your file (we never have your file).
• We don't keep a copy after delivery.

10.3 Failed cases

• If we can't recover: you pay NOTHING.
• We issue a Certificate of Deletion confirming all case data was erased.
• You can always retry in the future if new hints emerge (new scope, new contract).

11. Cookies

• Session cookies (required for form functionality).
• Analytics cookies (self-hosted, no profiling).
• No ad cookies, no third-party trackers.

12. Children

Service not intended for users under 18.

13. Changes

Material changes notified by email (if you're a client). Updates posted on /privacy.

14. Contact

• Email: {{email_privacidad}}
• WhatsApp: {{whatsapp}}
• Address: {{domicilio}}, Buenos Aires, Argentina.

📜 TERMS OF SERVICE — unlockfile.app

Last updated: 2026-04-18

By engaging with our password recovery service, you accept these Terms.

1. The Service

unlockfile.app provides GPU-accelerated password recovery for: - Office files (Word, Excel, PowerPoint) all versions. - Archive files (ZIP, RAR, 7z). - PDF files. - BitLocker volumes. - KeePass databases. - Other password-protected file types (case-by-case).

2. Pricing

2.1 Success fee model (default)

• You pay ONLY if we recover the password.
• Flat fee starts at USD 30, typically USD 30-100 depending on file type and complexity.
• BitLocker, enterprise files, or complex cases: USD 100-500.
• No upfront payment. No charge if we fail.

2.2 Quote before work

• Every case starts with a free 15-minute diagnosis.
• Exact fee quoted before any GPU time is committed.
• You must explicitly accept the quote to proceed.

2.3 Payment on success

• Once we confirm recovery, payment due within 24 hours.
• Accepted methods: bank transfer (AR), Mercado Pago (AR), USDT (BEP20/TRC20), PayPal (international).
• Invoice issued immediately upon payment.

3. Your commitments

You agree to:

• Legal ownership: provide files you own or have explicit written permission to recover.
• Proof of ownership: submit reasonable evidence (purchase receipts, file creation metadata, account screenshots, ID showing account holder name matches).
• Hash extraction: run our helper script on YOUR machine; the file never leaves your device.
• Timely payment: upon successful recovery, pay within 24h.
• Truthful information: no misrepresentation about the file or your identity.

4. Our commitments

• Attempt recovery using best-practice methods (dictionary, mask, combinator, rule-based attacks).
• Communicate status every 24-48 hours during active work.
• Stop and declare failure after reasonable GPU time limit (agreed in scoping).
• Deliver the password via secure channel agreed with you.
• Issue a Certificate of Deletion at case closure (success or failure).
• Never access, use, or keep the recovered password beyond delivery.

5. Refund and failure policy

• Failure: you pay nothing. We issue Certificate of Deletion.
• Partial recovery: (rare) negotiable fee based on partial result.
• Recovery but you dispute: we provide technical evidence; payment due unless you demonstrate fraud or error on our part.

6. Prohibited uses

You may NOT use our service to:

• Recover passwords of files you don't own or don't have rights to access.
• Recover credentials for illegal purposes.
• Access systems or accounts of other people without authorization.
• Circumvent digital rights management for piracy.

If we suspect misuse, we terminate the case immediately with no refund and may report to authorities if required.

7. No warranty on recovery

• Password recovery is probabilistic. Some passwords are mathematically infeasible to recover.
• We give honest probability estimates in the scoping phase.
• No guarantee that we will succeed.
• No liability if we fail despite reasonable effort.

8. Confidentiality

• We treat all case information as strictly confidential.
• Duration: indefinite (we don't disclose after case closes).
• Exception: legal obligation to disclose.

9. Liability limitation

• Our liability is limited to the fee paid for the specific case.
• We are NOT liable for:
• Files corrupted by your own actions before contacting us.
• Data loss on your machine during hash extraction.
• Indirect damages (business interruption, lost opportunity).
• Exception: gross negligence or willful misconduct on our part.

10. Case closure

• Successful: password delivered + payment received + Certificate of Deletion issued.
• Unsuccessful: we confirm failure + Certificate of Deletion issued + no charge.
• Abandoned (client disappears post-hit): we follow the playbook-cliente-desaparece.md protocol → legal escalation + deletion after 30 days.

11. Intellectual property

• Our scripts, methodology, and tools are our property.
• Case-specific data (hash, recovered password) is yours.
• We may publish anonymized case studies (no identifiable information) for marketing, with opt-out available per case.

12. Termination

• You may cancel an active case at any time. If we've already invested GPU time, we may charge a reduced fee proportional to work done (documented in scoping).
• We may terminate a case if:
• You violate these Terms.
• You can't provide reasonable Proof of Ownership.
• We discover the case involves third-party file ownership.
• Continuing is technically infeasible.

13. Governing law

• Argentine law for clients based in Argentina.
• Clients outside Argentina: consumer law of your jurisdiction applies where it grants you better protection.
• Dispute resolution: first informal negotiation (30 days), then arbitration under ICC rules, final jurisdiction Buenos Aires courts.

14. Changes

Material changes announced 30 days in advance. Applicable only to new cases (not active ones).

📎 Implementation notes

• Link /privacy and /terms from every page footer.
• Explicit acceptance checkbox before first quote request.
• Include "Proof of Ownership" and "Certificate of Deletion" as linked documents where relevant.

Related docs

• proof-of-ownership.md (in 05-walletrecovery/templates/, applicable framework).
• NDA-mutuo.md (in 05-walletrecovery/templates/, signed before active cases for sensitive cases).
• job-closure.md (internal process for case closure).
• playbook-cliente-desaparece.md (protocol for non-payment).