Last updated: 2026-07-14
This Privacy Policy describes how FileGriffon ("FileGriffon," "we," "us," "our") handles information in connection with: (a) the FileGriffon desktop application (the "Software"), (b) our license activation service at license.filegriffon.com, (c) our website at filegriffon.com, including its blog and beta-signup form.
This Policy is incorporated by reference into the FileGriffon Terms of Service & EULA, available at filegriffon.com/terms.
The detailed sections below control in case of any conflict with this summary.
The Software maintains a local database (SQLite, optionally SQLCipher- encrypted at your choice — see Section 7) on the device where it runs, containing:
2.1 File metadata for each monitored Vault: file paths (relative to the Vault root), file sizes, timestamps, and status (e.g. OK, CORRUPT, MISSING, MOVED).
2.2 Content fingerprints, not content: a keyed cryptographic hash (XXH3-64, combined with an HMAC key unique to your installation — see Section 7.2) of each file's first 256 KB and, when needed, its full contents. This is used to detect changes and corruption; it is not the file itself and cannot be used to reconstruct the file's contents.
2.3 Event history: a log of changes detected during scans (corruption, moves, deletions), with a configurable retention/redaction window before the underlying path text is cleared from older log entries.
2.4 Drive health readings (S.M.A.R.T. data), only if you enable the SMART monitoring feature: manufacturer, model, and health/temperature/error metrics for the physical drive(s) you choose to monitor. This does not include the contents of any file on that drive.
2.5 Application settings, including your license status (see Section 4).
ALL OF THE ABOVE STAYS ON YOUR DEVICE. We have no remote access to it, no ability to view it, and no copy of it, unless you affirmatively export and send it to us yourself (e.g. attaching a diagnostic bundle to a support email — Section 3.4).
3.1 License activation and validation. When you activate, deactivate, or renew a License, or claim a Trial, the Software sends to our license server (license.filegriffon.com): - your License key (if applicable), - a device fingerprint derived from local hardware/OS identifiers (a one-way-derived value used to enforce seat limits and one-trial-per- installation; not your raw hardware serial numbers), - a timestamp, - your IP address, incidentally, as part of the standard connection. This data does NOT include any information about the files you monitor.
3.2 Update checks. Update-check requests send the Software's version number and OS platform to determine whether a newer version is available.
3.3 Telemetry (opt-in, OFF by default). If you explicitly enable "Telemetry" in Settings, the Software records a fixed, allow-listed set of anonymized usage events locally (e.g. "a vault was created," "a scan ran," counts of active/created vaults) and periodically sends them to our telemetry endpoint. Every field sent is enforced against a hard-coded allow-list in the Software itself — file paths, vault names/labels, file hashes, and any other content-identifying information are never included. No telemetry is sent at all unless you turn the setting on.
3.4 Diagnostics (user-initiated only). If you use the "Export Diagnostic Bundle" feature, the Software produces a zip file with your vault names/ paths replaced by synthetic placeholder tokens before export. This bundle is created locally and is NOT automatically sent to us — it is only transmitted to us if you choose to send it yourself (e.g. attaching it to a support request).
4.1 Beta-signup form. If you submit your email address to join the beta waitlist, we store that email address in our database so we can contact you about beta access and product updates. We also apply standard anti-abuse measures to this form (a hidden honeypot field and a per-IP rate limit); the rate-limit mechanism briefly retains your IP address for this narrow anti-abuse purpose only, automatically expiring, and is not retained as a permanent profile.
4.2 Server logs. Like virtually all websites, our hosting infrastructure generates standard server access logs (IP address, requested URL, timestamp, user agent) for security, abuse-prevention, and operational purposes.
4.3 Cookies / tracking. filegriffon.com does not run third-party advertising trackers or third-party analytics scripts. If this changes, we will update this Policy first, and add a cookie-consent mechanism appropriate to your jurisdiction before deploying any non-essential tracking technology.
We do not collect or store your payment card number, bank details, or other financial account information. Purchases are processed entirely by Paddle.com Market Ltd, acting as Merchant of Record. Paddle collects and processes your payment details under its own privacy policy and security standards; we receive only confirmation that a purchase was made, which product/tier was purchased, and an email address for license delivery.
We use the information described above solely to: (a) operate and secure the Software and license infrastructure (contract performance / legitimate interest); (b) prevent fraud and abuse of Free/Trial tiers (legitimate interest); (c) communicate with beta-signup subscribers about the product (consent, given at signup); (d) improve the Software, if and only if you have opted into Telemetry (consent); (e) comply with legal obligations where applicable (legal obligation).
We do not use any of this information to build an advertising profile of you, and we do not sell, rent, or trade your personal information to third parties for their own marketing purposes.
7.1 Local database encryption is available and configurable by you (SQLCipher-based, page-level encryption of the local database file). It is not enabled by default; enabling it is your choice, and we recommend it if your device is shared, portable, or otherwise at elevated risk of physical access by others. Like any encryption, its protection depends on the strength of the password you choose and the security of the device you run it on — we cannot protect against a compromised device, a weak or reused password, or malware running with your own user-level access.
7.2 Content-hash keying: the fingerprints described in Section 2.2 are combined with a random, installation-specific secret (stored via your operating system's own credential store — Windows Credential Locker or macOS Keychain, not a plain file) before being saved, specifically so that someone who obtains a copy of your database cannot use it to test whether a specific file (that they already separately possess) exists in your Vault, without also separately obtaining that installation secret. This does not protect against someone with live, authenticated access to your already-unlocked device.
7.3 Transport security: communication between the Software and our license server uses standard HTTPS/TLS encryption.
7.4 Limits, stated plainly: no security measure is absolute. Our protections are designed against someone who obtains a copy of your data without also compromising your live, logged-in device session — they provide little to no additional protection against an attacker actively operating your device as you. Full-disk encryption (e.g. BitLocker, FileVault), OS account security, and physical device security are your responsibility and outside the Software's control. We do not claim the Software is "unhackable," "military-grade," or provides absolute privacy or security.
We use infrastructure and service providers — including our hosting provider (which serves the license server, website, beta-signup database, and anti-abuse rate-limit data) and Paddle (payment processing) — each under their own applicable privacy/security terms. None of these providers is authorized to use your information for their own independent purposes beyond providing the service to us, except as disclosed in their own privacy policies.
We do not share your information with data brokers, advertising networks, or any party for their own marketing use.
9.1 Local data (Section 2) is retained entirely under your own control — it lives on your device for as long as you keep the Software installed and the relevant Vault configured, and you can delete it at any time by removing the Vault, uninstalling the Software, or deleting the underlying database file directly. The Software also applies its own automatic retention limits to reduce how long deleted-file path information persists in event logs (configurable in Settings > Database).
9.2 License-server data (Section 3.1) — activation records, including device fingerprints and activation history — are retained for the lifetime of the associated License plus a reasonable period thereafter for fraud-prevention, dispute-resolution, and legal-compliance purposes.
9.3 Beta-signup emails (Section 4.1) are retained until beta access is granted and a reasonable period after general availability launch, or until you unsubscribe/request deletion, whichever is earlier.
9.4 Telemetry data (Section 3.3), if you opt in, is retained only in aggregate/anonymized form once ingested; we do not retain telemetry tied to an individual, re-identifiable device beyond what's operationally needed to deduplicate/rate-limit ingestion.
10.1 Local data: because Section 2 data lives entirely on your own device, you have complete, immediate, unilateral control over it at all times — access, export, correction, and deletion are all things you can do yourself without contacting us, through the Software's own UI or by deleting the local database file.
10.2 Server-side data: to request access to, correction of, or deletion of information we hold about you on our servers (license activation records, your beta-signup email), contact us at filegriffon.com">privacy@filegriffon.com. We will respond within the time required by applicable law, and may need to verify your identity (e.g. via the email address or license key associated with the request) before acting on it. Deleting license- activation records tied to an active License may deactivate that License; we will tell you if a request would have that effect before completing it.
10.3 Telemetry: you can disable Telemetry at any time in Settings; this stops future collection but does not retroactively delete previously transmitted anonymized/aggregated data.
10.4 Depending on where you live, you may have additional rights under local law (e.g. a right to data portability, a right to object to processing, or a right to lodge a complaint with a supervisory or data- protection authority in your country). Contact us at filegriffon.com">privacy@filegriffon.com to exercise any such right.
The Software and website are not directed to children, and we do not knowingly collect personal information from anyone under the age of 16 (or the higher age required by your local law). If we learn we have inadvertently collected such information (e.g. a beta-signup email from a minor), we will delete it. Contact us at filegriffon.com">privacy@filegriffon.com if you believe this has occurred.
Our infrastructure operates a global network, meaning information described in Sections 3 and 4 may be processed in countries other than your own, including countries that may have different data-protection laws than your home jurisdiction. We take reasonable steps to ensure such transfers are conducted consistently with applicable law.
We may update this Privacy Policy from time to time. Material changes will be indicated by a new "Last updated" date at the top of this document. Where required by applicable law, we will provide additional notice (e.g. an in-app notice or email) before a material change takes effect. Your continued use of the Software or Service after a change takes effect constitutes acceptance of the revised Policy, to the extent permitted by applicable law.
filegriffon.com">privacy@filegriffon.com