Privacy Policy
Last updated: May 31, 2025
The short version
D2D transfers files directly between your devices using WebRTC. Files you send peer-to-peer never touch our server. No account, no email, no tracking. The bits of data that do reach the server are described below.
What we collect
IP addresses
Your IP address reaches our server every time you open D2D. We hold it in memory briefly to enforce rate limits (e.g. preventing abuse of the share-link API), and it appears in standard access logs kept by our hosting provider, Render. We do not store IP addresses ourselves in any database.
Device name & identifier
When you open D2D, a random device name (e.g. "Swift Browser") and a random UUID are generated and saved in your browser's localStorage. These never leave your device except to identify you on the local signaling server during an active session — they are not associated with your IP address or stored after you disconnect. You can clear them at any time by clearing your browser's site data.
Share link file metadata
If you use the share-link feature, we store the names, sizes, and types of the files you share — not the file contents themselves unless you are using the relay upload path. This metadata is deleted automatically when the link expires (24 hours by default, 7 days maximum) or when the download limit is reached.
Relay file uploads
If a direct WebRTC connection cannot be established, D2D falls back to a relay path where encrypted file data is temporarily stored on our server and forwarded to the recipient. Relay files are deleted as soon as the transfer completes or the share link expires. We do not read or inspect the contents.
Server logs
Our server logs connection events (device registered, paired, disconnected) and errors. These logs contain device nicknames, a truncated version of the device UUID (first 8 characters), and timestamps. Logs are retained per our hosting provider's standard retention period.
What we don't collect
- No user accounts or email addresses
- No cookies
- No analytics or advertising trackers
- No browsing history or cross-site tracking
- No payment information
- No file contents in the peer-to-peer path
Third-party services
Google Fonts
The app loads fonts from fonts.googleapis.com and fonts.gstatic.com. When your browser fetches these, Google receives your IP address. See Google's privacy policy. If this concerns you, blocking these domains will not break the app — system fonts are used as fallback.
STUN servers
WebRTC peer discovery uses Google's public STUN servers (stun.l.google.com). Your IP address is sent to these servers as part of the NAT traversal process. This is standard for WebRTC applications.
Data deletion
Share link metadata and relay files delete themselves automatically on expiry. Browser localStorage data (device name and ID) can be cleared via your browser's site data settings for this domain. For anything else — server logs, access records — contact us and we'll handle it on a best-effort basis.
Children
D2D is not directed at children under 13 and does not knowingly collect any information from them. If you believe a child has used the service in a way that has resulted in data collection, contact us so we can delete it.
Changes
If we make material changes to this policy we'll update the date at the top of this page. Continued use of D2D after a change constitutes acceptance of the revised policy.
Contact
Questions? Reach us at amoshorne@gmail.com.