Privacy Policy

Last updated: 2026-05-13

1. Overview

File Tunnel ("the Service") is a real-time file transfer relay. We are committed to handling your data with care and transparency. This Privacy Policy describes what we collect, why, and how it is used.

2. Files You Transfer

We do not store the files you send. The Service operates as a pure relay: file chunks travel from sender to receiver in real time over a WebSocket tunnel. No file content is written to disk on our servers, and no file content is logged.

Once a transfer session ends or expires, no trace of the file content remains on the Service.

3. Transfer Metadata

We store minimal metadata required to operate the relay:

• Transfer code (auto-generated identifier)
• File name and file size
• Number of expected receivers and chunk progress
• Timestamps (created, expires)

Transfer metadata is automatically deleted when the session expires (default 12 hours).

4. IP Address

Your IP address is briefly read to enforce per-IP rate limits and prevent abuse. The IP is kept in memory only, within a rolling one-hour window, and is not persisted to disk or shared with third parties.

5. Account Data (Optional Sign-In)

Sign-in is optional and only required for upgraded plans. If you sign in with Google, we receive your Google account ID, email, name, and profile picture. We store a session token in your browser's localStorage to keep you signed in. You can sign out and delete this at any time.

6. Cookies and Analytics

We use Google Analytics (Google Tag Manager) to understand aggregate usage. Analytics cookies may identify your browser session but do not link to personal identity. We may, in the future, display advertising through Google AdSense; if enabled, AdSense will set its own cookies as described in Google's partner-sites policy.

7. Data Sharing

We do not sell or rent your personal information. Limited data may be processed by:

• Google Analytics and Google AdSense (analytics and advertising)
• Google Identity Services (if you choose to sign in)
• LemonSqueezy (if you make a paid purchase; billing information is handled solely by them)
• Our hosting provider (server logs, transient network metadata)

8. Security

Transfers are protected by TLS in transit. Because we do not store file content, there is no at-rest exposure of your files on our servers. Receivers identify a transfer only via the unique transfer code shared by the sender.

9. Children

The Service is not directed to children under 13. If you believe a child has provided us personal information, please contact us.

10. Your Choices

• Use the Service without signing in to remain anonymous.
• Clear your browser's localStorage to remove the session token.
• Disable cookies through your browser settings (some features may stop working).
• Contact us to request deletion of account data.

11. Changes

We may update this Privacy Policy. Material changes will be reflected on this page with an updated "Last updated" date.

12. Contact

Questions about privacy? Email ssin6505@gmail.com.