Privacy policy

Fileroom is built so the simplest answer to "what happens to my files?" is also the right one: nothing. Every conversion runs on your device. The app does not upload the files you convert, the converted outputs, their names, sizes, or any other identifying metadata to any server we control. This page explains, in detail, the few things the app does talk to outside your device and what you can do about each of them.

1. Files you convert

Files you pick or share into Fileroom — and the files Fileroom produces from them — stay on your device. They live in the app's sandbox (iOS), the app's scoped storage (Android), or — in your hands — in whatever folder you save / share them to. Fileroom does not have a backend that receives, scans, or stores your files.

2. Anonymous product analytics (opt-in)

We use PostHog to understand which features are used and which formats are common. It is off by default. The first time you open the app you're asked whether you want to share anonymous usage. You can change your answer at any time from Settings → Analytics.

When enabled, Fileroom sends only the following kinds of events:

• conversion_started / conversion_completed / conversion_failed — input MIME type, output MIME type, output byte count, and (on failure) the error kind. No file names, paths, or content.
• paywall_shown / gate_blocked — which feature surface triggered the paywall (e.g. pdf-compress) and which tier limit (daily / size / batch).
• subscription_started — which plan you bought (monthly / yearly / lifetime). No payment information.

PostHog is configured with captureScreenViews = false and we never pass file names, paths, contents, or any free-form text. The closed-event taxonomy is auditable in source — AnalyticsClient.Event on iOS, analytics/Event.kt on Android.

3. Anonymous crash reporting (opt-in)

Same consent toggle controls Sentry crash reporting. When enabled, Sentry receives stack traces and basic device info (OS version, device model, app version) on unhandled errors. sendDefaultPii is set to false. No file content or names are attached to crash reports.

4. Subscriptions

Subscriptions are sold by Apple (App Store) and Google (Play Store) and managed through RevenueCat. RevenueCat receives an anonymous, randomly-generated user id so the app can check your entitlement on a new device or after reinstall. No email address, no name, no payment information. Apple and Google have their own privacy policies covering the payment side; we don't receive your card details.

5. Permissions

• Photos / Storage— only if you tap to pick from your library or save back to it. Files you don't hand the app aren't visible to it.
• Files / SAF — used by the system file picker and the share-target intake. Fileroom only ever sees the file you share with it.

6. Data retention

Anonymous analytics + crash data are retained per PostHog and Sentry's default retention windows (typically 12 months). To delete what was sent before you turned the toggle off, write to support@fileroom.app and we'll request a wipe. Because the data is anonymous we can't locate your records specifically — we can request a full reset, which clears everything.

7. Children

Fileroom is rated for general audiences and does not knowingly collect any personal information from anyone, including children under 13.

8. Changes

If we materially change how the app handles your data, this page will be updated and the date at the top will move. The app's consent prompt will re-fire on a major change to give you the chance to re-confirm.

9. Contact

Questions about anything on this page — support@fileroom.app.