Privacy Policy

Last updated: January 31, 2026

1. Information We Collect

GlideFile collects minimal information necessary to provide our FTP/SFTP client service:

  • Account Information: Email address and name when you create an account
  • Server Configurations: We store your server configurations with mandatory end-to-end encryption (E2EE). All sensitive data (host, port, username, passwords, SSH keys) is encrypted on your device using AES-256-GCM before being sent to our servers. We cannot decrypt this data - only you can, using your master password.
  • Device Information: Device identifiers for sync functionality
  • Usage Data: Anonymous analytics to improve our service

2. How We Use Your Information

We use your information to:

  • Provide and maintain our service
  • Sync your server configurations across devices
  • Send important service updates and notifications
  • Process payments and manage licenses
  • Improve our application based on usage patterns

3. Data Storage and Security

Your data is stored on secure servers hosted by Infomaniak in Switzerland. We implement industry-standard security measures:

  • All data in transit is encrypted using TLS 1.3
  • Mandatory End-to-End Encryption (E2EE): All server credentials are encrypted on your device using AES-256-GCM with keys derived from your master password via Argon2id
  • Zero-Knowledge Architecture: Your master password never leaves your device. We only store encrypted data blobs that we cannot decrypt
  • We never have access to your FTP/SFTP passwords or SSH private keys
  • Regular security audits and updates

How E2EE Works

When you create an account or save server credentials:

  1. Your master password is used to derive an encryption key using Argon2id (a memory-hard key derivation function)
  2. A separate authentication hash is derived and sent to our servers (we never see your actual password)
  3. All server credentials are encrypted locally using AES-256-GCM before being transmitted
  4. Our servers store only the encrypted data - we have no way to decrypt it

4. Data Sharing

We do not sell, trade, or rent your personal information. We may share data only:

  • With payment processors (Stripe) to handle transactions
  • When required by law or to protect our rights
  • With your explicit consent

5. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your server configurations
  • Withdraw consent at any time

6. Cookies

We use essential cookies for:

  • Language preferences
  • Theme preferences (light/dark mode)
  • Authentication tokens

We do not use tracking cookies or third-party advertising cookies.

7. Data Retention

We retain your data as long as your account is active. When you delete your account:

  • Personal data is deleted within 30 days
  • Anonymized analytics may be retained
  • Payment records are retained as required by law

8. Children's Privacy

GlideFile is not intended for users under 16 years of age. We do not knowingly collect information from children.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date.

10. Contact Us

If you have questions about this privacy policy, please contact us at:

info@glidefile.com