Privacy
Where your data goes when you beam
Files and text move from one of your devices to the other over an encrypted WebRTC channel that crosses your own local network. This site ships the JavaScript that arranges the trip; the trip itself never touches a machine we operate. There is no upload endpoint in the code — you can verify that with your browser's network inspector, which is a stronger guarantee than any paragraph here.
The pairing codes
The QR labels contain one-session connection details (temporary credentials, a certificate digest, local socket addresses). They're generated in your browser, shown on your screen, read by your camera, and forgotten when the tab closes. They are never transmitted to us.
The one third-party contact, and when
If — and only if — you tick the different networks switch, your browser queries Google's public STUN server (stun.l.google.com) to learn its own outside address. That server sees your IP address, as any server you contact does. It never sees file contents, names or text. The switch is off by default, and with it off the site functions with zero network requests beyond loading the page itself (fonts come from Google Fonts on first load; the service worker then caches everything for offline use).
Companion desks
The wifi QR maker turns your SSID and password into pixels locally — they leave the input boxes only to be drawn on a canvas. The checksum desk reads files from disk to hash them locally. The speed gauge sends random bytes, generated on the spot, between your two paired devices only.
Cookies, analytics, accounts
None, none and none. No cookie banner because no cookies; no tracking pixels; nothing to sign into. Our hosting provider (static file serving) keeps standard access logs of page requests — as every host does — which contain no beam contents, since beam contents never pass through hosting.
Anything unclear
Write to hello@filemonkey.org — see the contact desk.