Privacy Policy

Last updated: 2025-01-15

1. Introduction

Filarr ("we", "our", "us") is committed to protecting the privacy of its users ("you", "your"). This privacy policy describes how we collect, use, store, and protect your personal information when you use our file management software and associated services (collectively, the "Service").

Filarr is built on a zero-knowledge architecture. This means we technically cannot access the content of your files, their names, or their folder structure. Only the metadata strictly necessary for the service to function is processed by our servers.

2. Data Collection

2.1 Data you provide to us

  • Account information: Email address, encrypted password (hash). Your plaintext password is never transmitted to or stored on our servers.
  • Payment information: If you subscribe to a paid plan, your payment information is processed directly by our payment provider (Stripe). We never store your banking information.
  • Contact messages: If you contact us, we retain your name, email, and message to respond to your inquiry.

2.2 Data collected automatically

  • Technical metadata: Encrypted file sizes, creation and modification timestamps, anonymized user identifier. This data is necessary for synchronization and storage management.
  • Server logs: IP address (anonymized after 24 hours), browser type, operating system. These logs are used solely for security and abuse detection.

2.3 Data we do NOT collect

  • Content of your files
  • Names of your files
  • Your folder structure
  • Encryption keys
  • Telemetry data
  • Location data
  • Browsing history

3. Data Usage

We use collected data exclusively for:

  • Providing and maintaining the Service
  • Managing your user account
  • Processing payments (via Stripe)
  • Ensuring Service security and detecting abuse
  • Responding to your support requests
  • Complying with our legal obligations

We never sell your data. We never use it for advertising purposes. We never share it with third parties for marketing purposes.

4. Data Storage and Encryption

All your files are encrypted on your device with AES-256-GCM before being transmitted to our servers (or yours, if you use BYOS mode). The encryption key is derived from your password via Argon2id and never leaves your device.

In the event of a server compromise, stored data is mathematically inaccessible without your encryption key. This is the fundamental principle of zero-knowledge architecture.

Account data (email, password hash) is stored on servers located in the European Union, encrypted at rest with AES-256.

5. Third Parties

We only share your personal data with providers strictly necessary for the Service to function:

  • Stripe - Payment processing (subject to Stripe's privacy policy)
  • Server hosting provider - Server hosting in the EU (stored data is encrypted and inaccessible to the host)

We do not transmit any data to data brokers, advertisers, or third-party analytics platforms.

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access - You can request a copy of all data we hold about you.
  • Right to rectification - You can correct your personal data at any time through your account settings.
  • Right to erasure - You can request complete deletion of your account and all associated data. Under zero-knowledge architecture, deleting your encryption key renders all data permanently unreadable (crypto-shredding).
  • Right to portability - You can export all your data at any time via the built-in export feature.
  • Right to object - You can object to the processing of your data at any time.
  • Right to restriction - You can request restriction of processing of your data in certain circumstances.

To exercise your rights, contact us at privacy@filarr.com. We will respond within 30 days.

7. Cookies

The filarr.com website only uses cookies strictly necessary for the site to function:

  • Session cookie - Maintains your login session. Expires when the browser is closed.
  • Language cookie - Stores your language preference (fr/en). Expires after 1 year.

We do not use any tracking cookies, analytics cookies (no Google Analytics), advertising cookies, or third-party cookies. No consent banner is necessary because we do not collect any browsing data.

8. Data Retention

  • Account data - Retained as long as your account is active. Deleted within 30 days of account deletion.
  • Encrypted files - Retained as long as your subscription is active. Deleted within 90 days of cancellation (unless previously exported).
  • Server logs - IP addresses anonymized after 24 hours. Logs deleted after 30 days.
  • Payment data - Retained by Stripe in accordance with their legal obligations. We do not store any banking data.

9. Security Measures

We implement the following security measures:

  • End-to-end AES-256-GCM encryption
  • Zero-knowledge architecture (we cannot access your files)
  • Key derivation via Argon2id
  • Encrypted communications (TLS 1.3)
  • Encryption at rest for server data
  • Regular security audits by independent firms
  • Open and auditable source code

10. Contact

For any questions regarding this privacy policy or the protection of your data, you can contact us:

  • Email : privacy@filarr.com
  • Postal address: Filarr, 42 rue de la Confidentialite, 75001 Paris, France

If you believe your rights are not being respected, you have the right to file a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertes) in France, or with the data protection authority of your country.

11. Changes to This Policy

We may update this privacy policy from time to time. Any significant changes will be notified by email and/or by a prominent notice on our website at least 30 days before they take effect. Continued use of the Service after the effective date constitutes your acceptance of the revised policy.