Home / Data control
Data control

Your files stay where you decide

When you send a document with a black-box service, that file is copied to another company's servers. Express flips the logic: your data stays in a dedicated, isolated space — your own R2 bucket and D1 database.

your-cloud · R2
🏢

Files stay here

  • Dedicated R2 + D1
  • Access and expiry: yours
  • Never in a shared area

The third-party fileserver problem

WeTransfer, Smash, Dropbox Transfer and similar tools are convenient because you manage nothing. But that convenience has a hidden cost: every file you send is stored on infrastructure you don't control. You don't decide where the data physically lives, how long it stays, who can access it inside the vendor, or which third parties it's shared with for analytics or advertising.

For a freelancer that's fine. For a company handling confidential pricelists, projects, customer data or contracts, it means moving sensitive information outside your security perimeter — often without IT and legal knowing.

The right question isn't “how convenient is it to send a file”, but “who owns that file after I've sent it”.

How Express keeps data at home

Express runs on a dedicated instance: an R2 bucket and a D1 database reserved for your company (in Enterprise, on your own Cloudflare account), served by a Worker on your domain. Your files never land in an area shared with other customers.

  • Your storage: files live in your cloud account, under your security policies.
  • Your access: the admin panel is protected by Cloudflare Access with your corporate identity (SSO).
  • Your retention: you set link expiry and automatic file deletion.
  • Your domain: links come from your company's subdomain, not an external brand.

What it means in practice

It means you can confidently answer the questions that matter: where are our documents, who can access them, when are they deleted. It means aligning file transfer with the same rules you apply to the rest of your information assets, instead of leaving it in a grey area run by third parties.

It's also the foundation for compliance: when data stays in your dedicated, isolated space, proving you meet internal policies and the GDPR becomes far simpler. We go deeper on the GDPR and file transfer page.

FAQ

Where are files physically stored?

In your Cloudflare R2 storage bucket. You choose the setup; no document is copied to Primo Round servers or any other vendor.

Who can access the admin panel?

Only the corporate identities you authorise via Cloudflare Access (SSO). Access is governed by your rules, not an external login.

Are files deleted automatically?

Yes: you set an expiry for each link and a retention policy. After expiry the file is no longer downloadable and can be removed automatically.

Read all FAQs →