Privacy Policy
1. Who we are
filedup ("we", "us", "our") is a document organization tool currently in pre-launch. We are based in Singapore. For privacy questions or to exercise the rights described below, email [email protected].
For the purposes of Singapore's Personal Data Protection Act and equivalent laws in other jurisdictions, filedup acts as the data controller (or "organization" under PDPA terminology) for personal data we collect under our Free, Plus, Pro, and Business tiers. Our designated Data Protection Officer (DPO) is the founder of filedup, reachable at [email protected].
Scope. This Privacy Policy applies to our consumer and Business tiers, and to the public website and waitlist. Enterprise self-hosted deployments are governed by a separate Master Software License Agreement (MSLA); see Section 15 below.
2. What we collect
Right now (pre-launch waitlist)
- Email address — when you sign up for the waitlist.
- Email address — when you download a free template from the Resources section. Each download is recorded with the template requested, the country (derived from your IP via Cloudflare), the referring page, and a timestamp.
- Basic server logs (IP address, user agent, timestamp) retained for up to 30 days for security and abuse prevention.
When the iOS product launches (v1.0)
- Consumer billing runs entirely through Apple's App Store and In-App Purchase. We never see card numbers, billing addresses, or full names tied to billing — Apple holds that. Filedup does not run a user account system in v1.0; there is no signup, password, or login.
- Folder metadata stays on your iPhone. Folder names, document counts, and last-modified timestamps live in the local SwiftData store on your device. Filedup has no servers that hold a copy.
- iCloud sync is planned for v1.1. When shipped, folder metadata will sync through your own iCloud private database (Apple's CloudKit) — designed so filedup itself never holds a copy. Document content will continue to stay on your iPhone, never in iCloud or any other cloud.
- Subscription status: tier and billing cycle, derived from Apple's StoreKit on-device. We do not collect this information centrally in v1.0.
- Usage metrics: none collected in v1.0. No third-party analytics, no telemetry, no MetricKit. If we add anonymous diagnostics in a future release we will update this policy first.
If you use the share feature
- The documents you choose to share are encrypted on your iPhone with a key derived from a password you set. The result is a .filedup file.
- The file is handed off to your iPhone's share sheet (AirDrop, Mail, Messages, etc.). filedup never holds the file. We cannot decrypt it.
- Files shared via your device's share sheet pass through Apple AirDrop / your email provider / messaging app — the file remains encrypted in transit.
- Web-link sharing via a filedup-hosted relay is a planned feature; when launched it will be opt-in and disclosed here. For now no relay is in use.
What we never collect
- Your document content. Documents are processed on your iPhone using Apple's Vision framework (on-device text recognition and field extraction), or in your browser via a local pdf.js pipeline for the web demo. They are not transmitted to our servers in plaintext at any point.
- Extracted fields (vendor, date, amount, etc.) — these stay on your iPhone.
- Data used to train any AI model. We do not train AI on user data.
- Biometric data, government-issued ID numbers, or health records (these are prohibited from upload — see Terms of Service §5).
3. How we use your data
- Email — waitlist signups: a welcome message and a single launch announcement. Marketing email beyond that only with separate opt-in.
- Email — template downloads: a transactional email containing the requested template and a link back to it. If you ticked the "tell me when filedup launches" box at download, your address is also added to the waitlist. You can unsubscribe at any time.
- Logs: security monitoring, abuse prevention, troubleshooting. Not for advertising or profiling.
- Folder metadata: to let you see your folder list and document counts in the app. Stays on your iPhone in v1.0.
We do not sell your data. We do not share it with advertisers. We do not engage in cross-context behavioral advertising.
4. Automated decision-making and AI
filedup uses on-device extraction (Apple's Vision framework on iPhone, or a local pdf.js pipeline in the browser-based demo at filedup.com/app.html) to read document fields such as vendor, date, and amount. This processing happens entirely on your device — no document content is transmitted to filedup or any third party.
- You remain in control. Every extracted field is shown on a Review screen and is editable before you save it.
- No automated decisions with legal or significant effect are made about you. Filedup classifies and organises documents; it does not decide on credit, employment, insurance, or similar.
- You can edit any extracted field, leave fields blank, or skip the Review screen and file the document manually.
5. Third parties (sub-processors)
We use the following service providers, each under data protection agreements that bind them to comparable standards. We will update this list before adding any new sub-processor that receives personal data.
- Apple — App Store distribution, In-App Purchase / subscription billing, and on-device frameworks (Vision for text recognition, CryptoKit for encryption). In v1.0 Apple is the only party that holds any consumer billing data tied to filedup; we never see card numbers, billing addresses, or full names. iCloud / CloudKit sync is planned for v1.1; when shipped it will route folder metadata through your own iCloud private database, never to filedup's servers.
- Cloudflare — website hosting (Cloudflare Pages), CDN, DDoS protection, the D1 database where waitlist and template-download records are stored, and inbound email routing for our hello@/privacy@/security@ inboxes. Cloudflare does not relay any user-shared files in v1.0; if a share-link relay is launched in a future release this entry will be updated to reflect the additional role.
- Twilio SendGrid — outbound transactional email delivery for the waitlist welcome message, the launch announcement, and template-download emails. SendGrid receives the recipient's email address and the body of the message at the moment we send it. No document content, no folder metadata, and no usage data is ever transmitted to SendGrid.
- Airwallex — banking and treasury for Saiphspace (the company behind filedup). Apple's monthly App Store payouts are sent to a Singapore-based Airwallex receiving account. Airwallex does not process consumer subscriptions, does not see filedup user data, and does not hold any document content. They hold our company's funds in transit only.
6. Cross-border data transfers
Some sub-processors operate outside Singapore (notably Apple, Cloudflare and Twilio SendGrid, which have US infrastructure; Airwallex operates internationally with a Singapore-licensed entity). Under PDPA Section 26 we ensure each overseas recipient is bound by enforceable contractual obligations to provide a standard of protection comparable to PDPA, through Standard Contractual Clauses or equivalent.
If you reside outside Singapore, your data may be processed in Singapore and in the jurisdictions of these sub-processors. By using filedup you consent to this transfer where required.
7. Your rights
Subject to local law, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Correction — request correction of inaccurate data.
- Deletion — request deletion of your data, subject to legal retention obligations.
- Portability — request your data in a machine-readable format (JSON).
- Withdraw consent — at any time, by unsubscribing or emailing us. Withdrawal does not affect prior lawful processing.
- Object to processing — for marketing purposes at any time; for other purposes where local law allows.
- Lodge a complaint with your local data protection authority (PDPC for Singapore, OAIC for Australia, OPC for Canada, or your state Attorney General in the US).
Email [email protected] with the subject line "Privacy Request." We will respond within 30 days. We may verify your identity before fulfilling a request.
Additional rights for California residents (CCPA / CPRA)
- Right to know what categories of personal information we collect, the sources, the business purposes, and the third parties we share with.
- Right to delete personal information we hold.
- Right to correct inaccurate personal information.
- Right to opt out of "sale" or "sharing" of personal information — note that we do not sell or share personal information for advertising or other commercial purposes.
- Right to limit use of sensitive personal information — we do not collect sensitive personal information as defined by CPRA.
- Right to non-discrimination for exercising these rights.
8. Retention
- Waitlist emails: until you unsubscribe, or 24 months after our last communication with you, whichever is sooner.
- Template-download records (email, template requested, country, referer, timestamp): retained for up to 24 months for product analytics and to enable follow-up on the launch announcement. Deleted on request.
- Account data: not applicable in v1.0 — filedup has no user account system (no sign-up, no login, no password). When an account system is introduced in a future version, this policy will be updated to specify retention and deletion timelines before that feature ships.
- Server logs: up to 30 days.
- Encrypted share files: filedup does not retain copies. The file is created in a temporary location on your iPhone, shared via the iOS share sheet, and removed from the temporary location automatically.
- Billing records: 7 years (Singapore tax law requirement).
- Aggregated, anonymized analytics: not collected in v1.0 (see §2 above). If anonymous diagnostics are added in a future release, this policy will be updated first to specify what is collected and how long it is retained.
9. Cookies and tracking
We use only essential cookies required for the site to function (session, security). We do not use third-party tracking cookies, advertising cookies, or analytics trackers. The iOS app does not use IDFA for advertising; we do not request App Tracking Transparency permission because we do not track.
10. Jurisdiction and geographic scope
filedup is not offered to, or targeted at, residents of the European Union, United Kingdom, Switzerland, Norway, Iceland, or Liechtenstein. Users from these regions should not sign up. If you believe you have signed up from one of these regions in error, please email [email protected] to be removed.
filedup is designed to comply with:
- Singapore Personal Data Protection Act 2012 (PDPA)
- California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA) and other applicable US state privacy laws (Virginia, Colorado, Connecticut, Utah, Texas, etc.)
- Australian Privacy Act 1988 and the Australian Privacy Principles
- Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
11. Children
filedup is not directed to or intended for children under 13 (or 16 in jurisdictions where that is the applicable age, including the COPPA-equivalent threshold). We do not knowingly collect personal information from children. If you are under these ages, please do not sign up. Parents or guardians who become aware that a child has provided us information may email [email protected] to have it removed promptly.
12. Security
We take reasonable administrative, technical, and physical measures to protect the data we hold:
- TLS 1.3 for all website traffic. The iOS app does not transmit document content over the network.
- iOS device-level data protection encrypts the local document store at rest. Document content is also covered by Apple's Secure Enclave and file-system encryption when the device is locked.
- Filedup does not run a user account system in v1.0. There are no passwords for filedup to store; there is no signup, login, or password reset.
- Encrypted share files (.filedup): folder content is encrypted on your iPhone using AES-256-GCM with a content key. The content key is wrapped using a key derived from your chosen password via PBKDF2-HMAC-SHA-256 with 210,000 iterations (OWASP 2023 baseline). The password itself never leaves your iPhone. We cannot decrypt these files.
- Access to filedup operational systems (e.g. the website's git repo, Cloudflare account) is role-based, MFA-required, and logged.
- Regular dependency and infrastructure security review.
No system is perfectly secure. In the event of a breach affecting your personal data we will notify you without undue delay (and in any event within 72 hours of confirmation, where required by applicable law). For security disclosures, email [email protected] or see /.well-known/security.txt.
13. Enterprise (self-hosted) deployments
Our Enterprise tier ships as a software package that customers deploy on their own infrastructure (private cloud, on-prem, or sovereign cloud). In Enterprise deployments:
- The customer organization is the data controller for all personal data within the deployment. filedup is the software licensor only; we do not process customer data.
- Account metadata, audit logs, share-link relays, and database all run on the customer's own infrastructure. filedup does not have access to them.
- We do not receive telemetry from Enterprise deployments by default. Optional, anonymous diagnostic telemetry can be enabled by the customer's administrator.
- Each Enterprise deployment is governed by a Master Software License Agreement (MSLA) separate from these consumer terms. The MSLA addresses license scope, support obligations, warranty, source-availability where applicable, and customer-side data protection responsibilities.
- This Privacy Policy does not apply to data processed within an Enterprise deployment. The customer's own privacy notice and data protection arrangements govern that data.
Enterprise customers in the European Union, United Kingdom, Switzerland, or other regions excluded from our consumer offering may license filedup Enterprise for self-hosted use, because in that arrangement filedup is not processing the customer's personal data. The customer assumes full data protection responsibility within their jurisdiction. Contact [email protected] for the MSLA and a deployment guide.
14. Changes to this policy
We may update this policy. Material changes will be communicated to account holders by email at least 14 days before taking effect. The "Last updated" date above will reflect any change. Continued use after the effective date constitutes acceptance.
15. Contact
Privacy questions and rights requests: [email protected]
Security disclosures: [email protected]
General contact: [email protected]