Privacy Policy
Last updated: 14 June 2026
Fyles is built so that your data stays on your devices. There is no Fyles account, no Fyles server that stores your files, and no analytics or advertising. This policy explains what that means in detail.
1. Who is responsible
The controller responsible for the Fyles app within the meaning of the EU General Data Protection Regulation (GDPR) is:
We have not appointed a Data Protection Officer because the nature and scope of our processing does not require one under GDPR Art. 37. See also our Impressum.
2. The short version
Fyles does not collect your personal data on any server.
- No user accounts and no sign-up.
- No analytics, advertising, tracking, or profiling SDKs.
- No Fyles-operated server that receives, stores, or sees your files.
- Files travel directly from device to device.
- Your files, contacts and cryptographic keys are stored only on your own device.
3. Data processed on your device
To do its job, Fyles stores and processes the following on your device only. This data is not transmitted to us and we have no access to it.
| Data | Purpose | Where it lives |
|---|---|---|
| Files you send and receive | The core function of the app | Your device storage (e.g. your chosen download folder) |
| Contacts you add (name and their public cryptographic identity) | To recognise and securely authenticate the people you exchange files with | A local database on your device |
| Your own cryptographic keys and device identity | To secure and authenticate connections | A local database on your device; private keys never leave the device |
| File-request (“inbox”) metadata | To manage the links through which others send you files | A local database on your device |
| App logs | Local diagnostics only | Your device; not transmitted by default |
4. Data transmitted between devices (peer-to-peer)
When you transfer a file, it is sent directly to the recipient’s device over an encrypted, authenticated connection. The connection is protected end-to-end using modern, published cryptography (see our Encryption & Export Compliance page).
Fyles works in two networking modes:
- Local network (e.g. your Wi-Fi): devices discover each other directly on the local network. No external servers are involved.
- Internet: to find peers across the internet, Fyles uses the public, third-party libp2p bootstrap and discovery infrastructure. These are independent public nodes operated by the libp2p project, not by Fyles. They help two devices locate one another; your file contents remain end-to-end encrypted and are not readable by them. Establishing a connection necessarily reveals network information such as your IP address to the peer and to the discovery infrastructure, as is inherent to any internet communication.
5. What we do NOT collect
We do not collect, store, sell, or share: your name, email, contacts, files, location, advertising identifiers, usage analytics, or any behavioural data. Fyles contains no advertising and no third-party tracking SDKs.
The app’s backend includes optional diagnostic tracing (OpenTelemetry) that is disabled by default and only emits data if you explicitly configure a tracing endpoint of your own. We do not operate or receive data from any such endpoint.
6. Device permissions
Fyles requests only the permissions it needs to function:
| Permission | Why |
|---|---|
| Internet / network | To establish peer-to-peer connections and transfer files |
| Camera | To scan a QR code when adding a contact or pairing a device |
| Photos / Documents | So you can choose photos or files to send, and save received files |
| Storage | To read files you send and write files you receive |
| Notifications | To let you know about file-transfer activity |
| Run in background / foreground service (Android) | To keep transfers running reliably while the app is not in the foreground |
7. Cookies and web tracking
This website and the app do not use cookies, web beacons, or any tracking technologies.
8. Children
Fyles is not directed at children under the age of 13 (or the equivalent minimum age in your jurisdiction, e.g. 16 in parts of the EU). We do not knowingly collect data from children. Because the app collects no personal data on any server, it does not build profiles of any user, including children.
9. Data retention
Data stored by Fyles remains on your device for as long as you keep the app installed and choose to keep it. Uninstalling the app, or using the in-app delete functions, removes the corresponding local data. See Data Deletion.
10. Your rights
Under the GDPR and similar laws you have rights of access, rectification, erasure, restriction, portability, and objection regarding your personal data. Because Fyles stores your data only on your own device and we hold none of it on a server, you exercise these rights directly: the data is in your possession at all times and can be viewed, exported, or deleted by you on the device. If you believe we nonetheless process your personal data, contact us at privacy@fyles.app. You also have the right to lodge a complaint with a data protection supervisory authority.
11. Changes to this policy
We may update this policy as the app evolves. Material changes will be reflected by the “last updated” date above and, where appropriate, announced in the app or on this site.
12. Contact
Questions about privacy: privacy@fyles.app.
This document is provided as accurate information about how the app works. It is not a substitute for individual legal advice and should be reviewed by qualified counsel before publication for store submission.