Overview
The short version: fShare transfers files directly between browsers using WebRTC peer-to-peer technology. Your file data never passes through or is stored on our servers. We collect only the minimum information needed to operate the service securely.
fShare is operated by Aquila Innovations ("we", "us", "our"). This Privacy Policy describes how we handle information in connection with your use of fShare at fshare.aquilainnovations.in and related services (collectively, the "Service").
By using fShare, you agree to the practices described in this policy. If you disagree, please discontinue use of the Service.
Data We Collect
We collect the absolute minimum necessary to keep fShare working. Here is a precise breakdown:
| Data Type | What It Is | Why We Need It | Retention |
|---|---|---|---|
| Account email | Your email address at sign-up | Authentication & account recovery | Until deletion |
| Hashed password | bcrypt hash — never plain text | Account security | Until deletion |
| Session tokens | Random cryptographic token | Keep you logged in | 30 days |
| Signaling metadata | 6-digit code + WebRTC SDP offer/answer | Connect sender and receiver browsers | Minutes (in-memory only) |
| Server access logs | IP address, timestamp, HTTP method | Security, abuse prevention | 7 days |
We do not sell, rent, or broker any of this data to third parties.
What We Don't Collect
This list is equally important. fShare explicitly does not collect, store, or process:
- ✅ Your file content — files never touch our servers
- ✅ File names or metadata — we don't log what you transfer
- ✅ Transfer history — no record of who sent what to whom
- ✅ Advertising identifiers — we run zero ads
- ✅ Behavioral tracking data — no heatmaps, no session recordings
- ✅ Device fingerprints — we don't profile your device
- ✅ Location data — beyond the country-level of your IP in logs
- ✅ Sensitive personal information — health, financial, biometric data
Why this matters: Most file sharing services read file metadata (and sometimes content) to provide features like thumbnails, virus scanning, or content moderation. fShare's P2P architecture makes this technically impossible — which is a feature, not a limitation.
How WebRTC Works (Technical)
Understanding our technology helps you understand our privacy posture:
1. Signaling (uses our server, briefly)
When you generate a 6-digit code, our signaling server temporarily holds a WebRTC "SDP offer" in memory — a few hundred bytes describing how to connect. The receiver submits the code, retrieves this offer, and our server sends back the "SDP answer". This handshake takes seconds.
The signaling data contains no file content, no file names, and is wiped from memory as soon as the peer connection is established (typically within 30–60 seconds).
2. STUN/TURN (for NAT traversal)
Some networks require STUN servers to discover your public IP for WebRTC. We may use standard STUN infrastructure. In cases where a direct connection is impossible (certain corporate firewalls), a TURN relay server routes your encrypted data stream. Even via TURN, data is end-to-end encrypted with DTLS — the relay cannot read your content.
3. The Transfer (P2P, bypasses our servers)
Once connected, your file is chunked into 64KB segments and transmitted directly via a WebRTC DataChannel. This data never touches our servers. The channel is encrypted with DTLS 1.2 / 1.3 by default, enforced by the WebRTC specification in all major browsers.
Account Data
Creating a fShare account requires an email address and password. We store:
- Your email address (used for login and password recovery only)
- A bcrypt hash of your password (never the password itself)
- Your account creation timestamp
We do not require a real name, phone number, payment information, or any other personal data.
Receivers do not need an account. Someone receiving a file from you only needs a browser and the 6-digit code — they create no account and we collect nothing about them.
Account Deletion
You may delete your fShare account at any time from within the app settings. Upon deletion, your email and hashed password are permanently erased from our database. Server logs referencing your IP address are purged on their normal 7-day cycle.
Cookies & Local Storage
fShare uses a small number of strictly necessary cookies and browser storage. We use no advertising cookies and no third-party tracking cookies.
| Name | Type | Purpose | Duration |
|---|---|---|---|
fshare_session |
HTTP Cookie (Secure, HttpOnly) | Authentication session | 30 days |
fshare-theme |
localStorage | Remember dark/light mode preference | Persistent (local only) |
Because all cookies are strictly necessary for the service to function, we do not display a cookie consent banner under ePrivacy Directive guidelines. You may clear cookies at any time via your browser settings — this will log you out.
Third Parties
fShare does not share your personal data with third-party advertisers, data brokers, or analytics companies. We may use the following infrastructure providers:
Hosting & Infrastructure
fShare's servers are hosted on reputable cloud infrastructure. Our hosting providers process server access logs on our behalf under data processing agreements. They do not have access to your file content.
Google Fonts
Our interface loads the Inter typeface from Google Fonts. Google may log font request metadata (IP address, referrer). You can review Google's Privacy Policy for details. This is the only third-party request our landing page makes.
No Analytics Services
We do not use Google Analytics, Mixpanel, Hotjar, or any other third-party analytics platform. Our understanding of usage is limited to aggregated server log counts.
Data Retention
We keep data for the shortest time necessary:
- Signaling session data: Wiped from memory within minutes of connection (or 10 minutes if no connection is made)
- Server access logs: Automatically purged after 7 days
- Session cookies: Expire after 30 days of inactivity
- Account data: Retained until you delete your account
No backup copies of your files are ever made because your files never enter our systems.
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of personal data we hold about you
- Correction: Update inaccurate or incomplete data
- Erasure: Request deletion of your account and associated data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Restriction: Request we limit processing in certain circumstances
To exercise any of these rights, contact us at apps@aquilainnovations.in. We will respond within 30 days. We may need to verify your identity before fulfilling a request.
If you are in the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.
Children's Privacy
fShare is not directed at children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately at apps@aquilainnovations.in and we will delete it promptly.
Policy Changes
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Display a notice within the fShare app for 30 days
- For significant changes, send an email notification to registered accounts
Continued use of fShare after changes become effective constitutes your acceptance of the revised policy. We recommend reviewing this page periodically.
Our commitment: We will never change this policy to allow selling your data, inserting advertising, or storing your files on our servers. Our core privacy architecture is a product decision, not just a policy promise.
Contact Us
If you have questions about this Privacy Policy or how we handle your data, please reach out:
Aquila Innovations
Privacy inquiries: apps@aquilainnovations.in
Response time: within 30 days (usually much faster)