File names and files that are not encrypted prior to being uploaded are readable by the service owner.
Files are automatically deleted after a specified period of time. Anyone knowing the location of the files can delete them manually.
Meta data about transactions, including the source IP address of clients uploading and downloading files, is logged for abuse handling purposes and may be shared with third parties in this context.
This service is using HTTPS to secure data in transit and server side encryption to secure data at rest (file content but not meta data). These mechanisms provide data protection from a limited set of scenarios such as man-in-the-middle attacks and data leaks from the object storage service. The content is, however, not encrypted while data in use and the application can decrypt the files as needed for delivery.