Privacy Policy
Last updated July 2, 2026
Privacy isn't a setting in Sendfile. It's the architecture. This policy explains the little we can see, the lot we can't, and what we do with it.
The short version
- Your files and their filenames are end-to-end encrypted on your device. We only ever relay ciphertext, so we cannot read them.
- We never store delivered files. They are deleted the instant a transfer completes.
- We don't sell your data, run ad trackers, or build advertising profiles.
- We keep the minimum metadata needed to route transfers and run the service.
What we cannot see
File contents and filenames are encrypted with your recipient's public key (age, X25519) before they leave your device. The relay handles opaque blobs. We have no key, no ability to decrypt, and no plaintext copy, not in transit, not at rest, not ever.
What we necessarily see
To move a file from one person to another and to protect the service, our servers process a small amount of metadata:
- Account identifiers: the display name you chose and the device token hash used to authenticate requests.
- Transfer metadata: sender, recipient, encrypted size, timestamps, and delivery outcome. This is retained as transfer history.
- Operational data: IP address and coarse request logs, used for security, abuse prevention, and rate limiting, kept for a limited period.
- Billing data (Pro only): handled by our payment processor; we store a customer reference, not your card number.
Why we keep it
We use this metadata only to deliver transfers, show you your own send/receive history, enforce quotas, prevent abuse, and provide support and billing. We do not use it for advertising, and we do not sell it.
Sharing
We share data only with infrastructure and payment providers who process it on our behalf under contract, and only when legally compelled by a valid request, in which case the most we can ever produce is metadata, because we do not hold your file contents.
Your rights
You can request a copy of the metadata associated with your account, ask us to delete it, or delete your account outright. Email hello@sendfile.dev from a device that controls your token and we'll take care of it. Deleting your account removes your friendships and identity; transfer history tied to your account is purged on request.
Cookies and analytics
The website uses only essential cookies. If we ever add product analytics, it will be privacy-respecting and aggregate, and we'll say so here. The Sendfile client itself uses no cookies.
Contact
Questions or requests about privacy: hello@sendfile.dev. We'll respond promptly, and a human will read it.
This document is written in plain language for clarity and is provided as-is. It isn't legal advice. Questions? Email hello@sendfile.dev and a human will answer.