How long do files persist on server after deletion?


#1

How long do files persist on server after deletion? Ive deleted a number of files from the GFUI, and while they dont show up in the GFUI, they still exist on your server. How long does this file stay on your server? When is it deleted?


#2

Yes, it would be nice to know what kind of privacy safeguards are in place


#3

Ive considered doing things like engraving a QR code for a crypto coin wallet onto something permanent, but theres no way Im ever going to do that if that image persists in their database/file system forever.

I was under the assumption it was deleted when you hit ‘DELETE’, but it appears otherwise. I hope they will change this to remove our files when we issue the command.


#4

How did you determine they still exist on the server if it doesn’t show in the UI?


#7

:slight_smile:️ I keep thinking I’ll do that (nothing like metal or even rock for permanence - I’m deathly afraid I’m going to misplace my recovery data for the Trezor). But then I wonder what that info would be sitting in/behind on their servers and I just make more photocopies instead. Which just means someone is sure to find those :stuck_out_tongue:


#8

I wonder what kind of access people have if they have the URL as well, if I know the URL for someone elses files, can I use them? Or are restricted to the user who created them?

dun dun dunnn


#9

Unless they’ve changed something there is no security on them whatsoever. There used to be a link to download your files in the GFUI during prerelease and we would share links with each other when troubleshooting.

That is troubling as well, but not so much as the fact that it appears the files stay there forever. That is really concerning to me. I’ll have to read back through the EULA.

This could also get in the way of NDA projects on the Glowforge, which I’m going to have to be very specific about in my contractual disclosure.

@dan is this something you guys are planning on fixing, or are all files stored on Glowforge servers forever, once uploaded?


#10

Relevant bits in section 7.2 of the GF terms of service:

“By uploading this User Content to a private area of the Service, you grant Glowforge a worldwide, non-exclusive, royalty-free, fully paid right and license to host, store, transfer, display, perform, reproduce, and modify, that User Content for the full period of time that you maintain your account on the Service, solely to enable your use of that User Content or to resolve any issues that may arise with the Service.”

Basically, anything you upload, you’re granting them rights to store until you cancel your account, in theory just for your own use, but, well…


#11

Ha thanks for looking that up for me.

It says ‘solely for my use’. So they have no need to keep that content if it’s ‘solely’ for my use.

I would assume that when I end my use of my content with Glowforge and click delete it will be deleted.

I can’t see any reason they would keep it.


#12

Well, logically, there really isn’t, but the language does allow them to keep it as long as you have an account, to display it, move it, and even modify it… Theoretically they would never need to modify a file you uploaded to print.

I expect someone was probably thinking about technical support and troubleshooting when coming up with that, and then the lawyers made it a bit… encompassing. What terms of service never really get into either is employee agreements for user files. Everyone with access to the back end of the app likely has access to user uploaded files on some level. Support, developers, QA, etc. And that’s even if they lock down the security so other users with the link can’t access it.

I wouldn’t upload anything that had any sort of sensitive information in it (like banking info, bitcoin wallets, passwords, etc.).


#13

Indefinitely, I believe. We could add code to permanently purge files after some number of days - I’ll add that to the hopper.


#14

Great! Thank you!

Would it be possible to add an immediate delete option for sensitive files at some point?


#15

Hopperized as well!


#16

Is there a way to re-access these files once I’ve hit delete?


#17

There is until you close the app. There is an Undo button right in the middle of the former file space.


#18

If you want to delete this file from the UI, hover over the top right corner and click the down caret…
Capture

…click “Delete Design”…
Capture2
…and it’s gone, but gives you an UNDO button…
Capture3
Click it and you’re back where you started…
Capture

HTH :wink:


#19

@Jules and @dwardio
Thanks!

My intention was more along the lines of, if the files are stored forever, can I re-access them months later? Otherwise I don’t see why they need to be stored. I’d rather something I click delete on be deleted.


#20

I can’t speak for Glowforge, but I have some experience building software, and in particular large scale distributed systems. It’s often more efficient to not immediately delete things, but instead mark them as deleted, and have a cleanup process come along periodically and do the deletes in bulk. There may be similar architectural reasons why the underlying files are still around even after being removed from the GFUI, and from Dan’s comment it sounds like they just haven’t gotten around to implemented step 2 yet.


#21

Just want to point out that this would violate your own terms of service, where you specify uploading an image grants GF the right to store it until account cancellation.

Per the ToS (emphasis mine):
“By uploading this User Content to a private area of the Service, you grant Glowforge a worldwide, non-exclusive, royalty-free, fully paid right and license to host, store, transfer, display, perform, reproduce, and modify, that User Content for the full period of time that you maintain your account on the Service, solely to enable your use of that User Content or to resolve any issues that may arise with the Service.”

May want to have a chat with the lawyers if, as I assume, nothing’s being deleted from the servers.


#22

It’s fairly common for small companies to cover that particular bit manually until it gets onerous (not planned, just deferred work). Plus, they may have automated it and Dan was shooting from the hip he forgot to mention that delete account was different.

But there are a few things like this that all companies that want to do business with the EU will have to get buttoned up nice and tight for the GDPR next May.