This Privacy Policy ("Policy") for SecureFolderFS ("we", "us", or "our") describes how and why we collect, store, use, and disclose information about users ("you", "your") when you use our services ("Services") which include our desktop and mobile applications (the "Application", "SecureFolderFS"). By using our Services, you acknowledge and consent to the practices described in this Policy.
SecureFolderFS is designed as a zero-knowledge encryption application.
- All encryption and decryption operations are performed locally on your device
- We do not have access to:
- encrypted files,
- file contents,
- passwords,
- encryption keys,
- recovery keys.
Because we never possess or have access to encrypted user data, we do not act as a data controller or data processor, within the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), with respect to the encrypted files stored within SecureFolderFS.
We collect only non-personally identifiable technical information, strictly limited to what is necessary to operate and improve the Application.
Diagnostic Information. The Application may collect non-identifiable diagnostic data such as:
- fault and crash reports,
- performance logs,
- technical information about your device (e.g. operating system version, Application version, origin country).
Diagnostic log files may also be stored locally on your device. These files are not shared with us by default.
Usage Information. We collect non-identifiable information about your use of our Services, including but not limited to interactions within the Application, enabled user preferences (Application settings), and usage patterns. Furthermore, our Application uses certain services provided by and Microsoft, and Functional Software, Inc. which include Sentry, and Microsoft Partner Center to collect usage data. To learn more about how data is collected, used, and disclosed by Functional Software Inc., Microsoft and its subsidiaries, please review their respective privacy policy statements:
- Microsoft Privacy Policy Statement: https://privacy.microsoft.com/en-us/privacystatement
- Sentry Privacy Policy Statement: https://sentry.io/privacy
We do not collect personal data, and we do not intentionally collect information that identifies you as an individual.
Any processing of diagnostic or usage information is performed in accordance with Article 6(1)(f) GDPR, based on our legitimate interest in:
- maintaining application stability and security
- diagnosing faults and crashes
- improving performance, usability, and reliability.
This information may include coarse, country-level location data derived for the purpose of identifying regional reliability issues, platform-specific failures, or regulatory compliance requirements. We do not use collected information for advertising, profiling, or marketing purposes.
Mitigate Reliability Issues. We may use the aggregated information to diagnose and address any unexpected issues that may arise during the use of our Application. This may include analyzing diagnostic data, such as fault analysis and performance logs, to identify the root cause of the issue and develop a solution to resolve it.
Identify Usage Trends. We may use the information to identify and analyze usage trends for our Services and Application. This may include analyzing aggregated usage data to understand how users interact with our Services and to measure their utilization intensity. We may use this analysis to improve the functionality, usability, and performance of our Services and to inform future development decisions.
We do not sell, rent, or share collected information with third parties. Diagnostic and usage data may be processed by the third-party service providers listed above solely for the purposes described in this Policy.
We retain diagnostic and usage information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.
Where applicable under GDPR, you have the right to:
- request access to information we process,
- request restriction or deletion of such information.
Because we do not process encrypted user content or personal files, these rights apply only to the limited technical data described in this Policy. Requests may be made via the project’s official contact channels.
We may modify, update, or amend this Privacy Policy from time to time to reflect changes made to our Application. When we change this Policy in a material manner, we will inform you of such changes by updating the 'Effective date' notice. It is your responsibility to review this Privacy Policy periodically to stay informed of any updates. Your continued use of the Services after any modifications to this Policy constitutes your acceptance of such changes.