Privacy Policy
Effective: April 17, 2026 · Last updated: May 5, 2026
In short: file contents always go device-to-device — we never see them and they are never stored on our servers. We do not use any analytics or tracking SDK. The only data we collect on our servers is what is required to operate optional account features (sign-in, paid entitlement, cross-network sending).
1. About This App
AirTok ("the App") is a cross-platform peer-to-peer file transfer tool supporting iOS, macOS, Android, Windows, and Linux. It is developed and operated by Dex Li ("we", "us", or "our").
The App offers two transfer modes:
- Local network (LAN) mode: when both devices are on the same Wi-Fi, files transfer directly between devices over your local network. No internet, no servers.
- Cross-network (WAN) mode: when devices are on different networks, the App establishes an end-to-end encrypted channel between your devices. File contents are still only readable by your two devices, never by us or by intermediate servers.
We designed AirTok to handle as little of your data as possible. This privacy policy aims to transparently explain how we handle (and do not handle) your data.
2. Data We Do NOT Collect
This App does not collect, store, or transmit any of the following data to our servers or any third party:
- Contents or filenames of files you transfer
- Advertising / tracking identifiers (IDFA, AAID, etc.)
- Precise or approximate location data
- Usage behavior data or analytics
- Contacts, calendar, browsing history, or other sensitive personal data
- Crash logs (not automatically reported)
3. How Files Are Transferred
LAN mode (same Wi-Fi)
- Files transfer via peer-to-peer TCP connections directly between devices, without passing through any cloud server
- TLS 1.3 encryption protects data during transit
- After transfer, files are saved to the receiving device's local storage
WAN mode (cross-network)
- The App uses our signaling service to help your two devices discover each other across networks. Signaling messages contain only public connection metadata (such as encrypted handshake parameters) — never file contents
- When a direct peer-to-peer connection cannot be established due to NAT/firewall, file traffic is forwarded through a relay server. The relay server only forwards encrypted bytes; it cannot read file contents
- End-to-end encryption protects file contents — only your two devices hold the keys, the relay does not
- Files are not stored on the signaling or relay server at any point
4. Device Permissions
This App may request the following device permissions, each used solely for its stated purpose:
| Permission | Purpose | When Requested |
| --- | --- | --- |
| Local Network | Discover other devices and transfer files on the LAN | On first launch |
| Photo Library / Media | Select photos/videos to send, or save received media to Photos | When selecting photos or saving |
| Camera | Scan QR codes to quickly connect to other devices | When using QR scanner |
| File Access | Select files to send, or save received files | When selecting files |
| Notifications | Show transfer progress and completion alerts | On first transfer (or first launch on Android 13+) |
You can revoke any of these permissions at any time in your system settings. Revoking a permission may disable the related feature but will not affect other functions of the App.
5. Network Communication
Local network (LAN)
- UDP broadcast/multicast: Used to automatically discover other AirTok devices on the same network. Broadcast content only includes device name and connection info — no personal information.
- TCP connections: Used for file transfer between devices. Supports TLS 1.3 encryption.
- Local loopback HTTP (desktop only): Internal communication between app components, bound to the machine's loopback address only — inaccessible to external devices.
Network services
- Signaling service: When two devices are not on the same local network, the AirTok backend assists in establishing an encrypted connection channel. This service only handles the handshake metadata needed to set up the connection; it never sees file contents.
- Relay service: Used only when a direct peer-to-peer connection is impossible due to network restrictions; forwards bytes that are already end-to-end encrypted. The relay cannot decrypt the data passing through.
- Account & update API: Used for account sign-in, paid entitlement validation, and version checks. Only contacted when you actively use account / paid features (or when the App checks for a new version).
- Apple / Google identity: Contacted by the platform OS when you sign in with Apple or Google. We never see your password.
6. Local Data Storage
This App stores the following data locally on your device:
- App settings: Download directory, device name, theme preferences, and other configuration
- Device registry: List of discovered and trusted devices (device name, IP address, trust status)
- Transfer history: Recent transfer records (file name, transfer status, timestamp)
- Received files: Saved to your specified download directory
- TLS certificates: Local key pairs used for encrypted transfers
All of the above is stored locally on your device and is never uploaded to any server. Uninstalling the App will delete all data except received files.
7. Account & Sign-In
An account is not required for local network transfer. You can install and use the App on multiple devices on the same Wi-Fi without ever signing in.
Signing in unlocks cross-network transfer and paid features. You may sign in via:
- Sign in with Apple (iOS / macOS, native AuthenticationServices framework). We receive your stable Apple user ID and the email address you choose to share (your real or relay email). We never see your Apple ID password.
- Sign in with Google (Android / iOS). We receive your Google account email address and a stable Google user ID. We never see your Google password.
- Email + one-time code: you enter an email address; we send a one-time verification code. We store only the email address.
Once signed in, our server stores: your email address, a stable account ID, the chosen sign-in method, and timestamps for account creation and last sign-in. This data is used solely to operate account-gated features and to associate your devices with the same account.
8. Third-Party Services
This App does not integrate any third-party analytics, advertising, tracking, or crash reporting SDKs, including but not limited to:
- Analytics SDKs (e.g., Google Analytics, Firebase Analytics)
- Advertising SDKs (e.g., AdMob, Facebook Ads)
- Attribution / tracking SDKs (e.g., Adjust, AppsFlyer)
- Crash reporting SDKs (e.g., Crashlytics, Sentry)
The following third-party services are used because they are essential to the App's functionality:
- Network infrastructure provider — provides the signaling and relay capacity used by cross-network transfer (see §3 and §5). The provider only handles encrypted handshake data and (when relayed) end-to-end encrypted byte streams. It is contractually a data processor and cannot decrypt your files.
- Apple Sign In (Sign in with Apple) — used only when you choose to sign in via Apple. The exchange happens directly between your device, Apple, and our backend; we receive only the identity token Apple issues.
- Google Sign In — used only when you choose to sign in via Google. Same handling as above.
- Apple StoreKit (iOS only) — handles paid subscriptions and one-time purchases. Billing, renewals, and refunds are managed entirely by your Apple account; we never handle your payment information (credit card numbers, Apple ID passwords, etc. never reach our servers).
To validate your paid entitlement, the App sends Apple's transaction identifier to our server. We verify the transaction through Apple's official interface and store the following:
- Subscription product identifier, current period start / end timestamps, auto-renew status
- One-time topup pack grant timestamp, expiry, and remaining bytes
- The Apple transaction identifier used to associate the above with your account
We also receive subscription lifecycle events pushed by Apple (renewal, refund, cancellation, etc.) to keep your paid status in sync.
Account and entitlement data is used solely for account operation, paid feature access control, and subscription lifecycle management — never for advertising, profiling, or resale to any third party. When you delete your account (see §11) the related records enter the soft-delete pipeline.
9. Data Security
We take the following measures to protect your data:
- File transfers support TLS 1.3 end-to-end encryption
- Devices verify each other's identity via TLS certificate fingerprints
- Certificate fingerprints are pinned after first connection (Trust-On-First-Use) to prevent man-in-the-middle attacks
- Optional file integrity verification (SHA-256) ensures transferred content has not been tampered with
- Optional receive confirmation prevents unauthorized devices from pushing files
10. Children's Privacy
This App is not directed at children under the age of 13 and does not knowingly collect any personal information from children. If you are a parent or guardian and believe your child has encountered a privacy issue while using this App, please contact us.
11. Your Rights & Data Retention
Data we keep on our servers (only if you have signed in)
- Account email + ID + sign-in method: kept until you delete your account
- Subscription / paid entitlement records: kept until you delete your account; after deletion, retained for the billing dispute window (typically 180 days) before final removal
- File transfer contents and metadata: not stored on our servers at any point
What you can do
- Delete your account: in-app via Account → Delete Account (iOS and Android), or by emailing us. Account deletion removes your sign-in identity and starts the entitlement soft-delete pipeline.
- Export your data: contact us by email and we will provide a copy of any personal data tied to your account.
- Sign out: removes the session token from this device without deleting your account.
- Clear local data: clear transfer history in App settings, delete received files, untrust devices, or uninstall the App to remove all local data.
12. Legal Compliance
This privacy policy is designed to comply with the following privacy regulations:
- Personal Information Protection Law of the People's Republic of China (PIPL)
- General Data Protection Regulation (GDPR, applicable to EU users)
- California Consumer Privacy Act (CCPA, applicable to California residents)
Where account features are used, we honor your data subject rights under these regulations (access, deletion, portability) as described in §11.
13. Changes to This Policy
If this policy is updated, we will post the revised version on this page and update the "Last updated" date at the top. Significant changes will be communicated via in-app announcements.
We encourage you to review this page periodically for the latest privacy information.
14. Contact Us
If you have any questions or suggestions regarding this privacy policy, please contact us at:
📧 Email: dexli0215@gmail.com