Privacy policy

Last updated: 17 May 2026

filester moves files directly between two devices over WebRTC. The file bytes never reach our servers. The only thing our infrastructure relays is a few kilobytes of signaling so the two devices can find each other.

Contents Summary Data we handle Data we don't Third parties Retention Your rights Contact

1. Summary

This policy describes what data filester collects when you use the mobile app or web client at filester.app, how we use it, and the choices you have. We've designed the product to need as little data as possible.

2. Data we handle

2.1 Account data (only if you sign in)

filester can be used as a guest without an account. If you choose to sign in (with Apple, Google, or email/password), we store:

Your email address and display name, as provided by you or your identity provider.
An opaque user identifier issued by the identity provider.
Your subscription state and a RevenueCat customer reference, used to unlock Pro features across your devices.

2.2 Device code

Each device advertises a code so other people can send to it. Two formats exist:

Long-form codes (WORD-NNNN) belong to signed-in installs and persist across reinstall. They are stored on the devices row associated with your account.
Session codes (AB-NNNN) are issued by the broker for anonymous browser receivers. They live in the broker's memory with a ~30 minute time-to-live and are never written to disk.

2.3 Transfer history

If you're signed in, each transfer you send or receive on a logged-in install is recorded in the transfers collection on your account: the other party's device code, the file names, the total size, and whether the transfer completed. File contents are never stored. Local paths of received files stay on the device that received them and are not uploaded.

Anonymous receivers (no account, e.g. this web page) leave no transfer history on the server. You can clear your signed-in history at any time from Settings → Preferences → Clear history.

2.4 Signaling traffic

To start a transfer the two devices exchange a small amount of "signaling" data through our broker: a session offer/answer, ICE candidates (network addresses), and the file names and sizes that the recipient is being asked to accept. This is the minimum needed for WebRTC to connect two peers. We don't persist this traffic.

2.5 Operational logs

Our broker keeps short-lived logs of connection events (IP address, user agent, timestamp, broker errors) for abuse prevention and reliability monitoring. These logs are retained for no longer than 30 days and are not used for advertising or sold to third parties.

2.6 Diagnostics (opt-in)

If you opt in, crash and performance traces are sent to Sentry to help us fix bugs. Traces include the stack of the failing code path and a coarse device profile (model, OS version). They never include file content or contents of clipboards.

3. What we don't collect

File content. Bytes flow peer-to-peer over an encrypted WebRTC data channel (DTLS). Our infrastructure cannot read or store the files you transfer.
Address book or media library. filester only accesses files you explicitly pick or share into it.
Advertising identifiers. We don't ship ad SDKs and we don't sell data.
Location. We don't request or use GPS data. Your IP address is incidentally visible to our broker as part of normal internet traffic; we don't translate it into a location record.

4. Third parties

We rely on a small set of vendors. Each one only sees the data described:

Apple and Google. If you sign in with one of these, we receive the basic profile data they hand back.
RevenueCat. Manages your subscription state and receipts so Pro entitlements work across devices.
Sentry. Receives opt-in crash reports.
Apple App Store / Google Play. Handle payment and receipts when you subscribe to Pro. We never see your card details.
STUN/TURN providers. Help two devices on restrictive networks find each other. When TURN relay is needed the traffic is still end-to-end encrypted; the relay sees only ciphertext.

5. Retention

Account data — kept until you delete your account.
Device codes — kept while the device is active; rotated on request.
Signaling traffic — held only long enough to connect the peers.
Broker logs — up to 30 days.
Crash reports — up to 90 days.

6. Your rights

Depending on where you live, you can ask us to access, correct, export, or delete the personal data we hold about you. Email [email protected] with your request and we'll respond within 30 days.

You can sign out of the app at any time from Settings, which removes cached credentials from the device. Deleting your account also removes your RevenueCat customer record.

7. Children

filester is not directed at children under 13 (or the equivalent minimum age in your country). We don't knowingly collect data from them. If you believe a child has signed up, contact us and we'll remove the account.

8. Changes

We'll update this page when material changes happen. The "last updated" date at the top reflects the most recent revision. If a change is significant we'll surface a notice inside the app before it takes effect.

9. Contact

Questions or requests: [email protected].