Privacy & Security
Privacy & Security
AirShare is designed with privacy and security as top priorities. This guide explains how we protect your data.
Privacy Principles
What We Believe
- Your files are yours: We never see, store, or have access to your files
- No tracking: We don't collect usage data or analytics
- Local-first: Everything happens on your network
- Transparent: Open-source code you can audit
- Minimal data: We only store what's necessary locally
What Data We Collect
During File Transfers
We collect ZERO data during transfers.
Transfers happen peer-to-peer between your devices. AirShare developers have:
- ❌ No servers that relay files
- ❌ No visibility into what you transfer
- ❌ No logs of your transfers
- ❌ No analytics on usage
Locally Stored Data
Data stored only on your device:
Transfer History
- File names and sizes
- Sender/receiver device names
- Transfer timestamps
- Transfer status (completed/failed/cancelled)
- File paths on your system
Purpose: To show you your transfer history
Storage: Local SQLite database
Control: You can disable or clear anytime
Settings & Preferences
- Your chosen device name
- Language preference
- Theme selection
- Download folder location
- Notification preferences
Purpose: Remember your preferences
Storage: Local configuration file
Control: Fully customizable, can reset
License Information (Pro users)
- License key
- Activation date
- License type and expiration
- Device ID (for license validation)
Purpose: Verify your Pro subscription
Storage: Local encrypted storage
Transmission: Only sent to license server during activation
License Activation
When you activate a Pro license:
Data sent to license server:
- License key
- Device ID (hashed)
- Operating system type
- AirShare version
Purpose: Validate license and prevent fraud
Server: Secure HTTPS endpoint
Retention: License key and device hash only
NOT sent:
- Your files or filenames
- Transfer history
- IP address (beyond server logs)
- Personal information
- Usage patterns
Update Checks
When checking for updates:
Data sent:
- Current AirShare version
- Operating system type
- Update channel (stable/beta)
Purpose: Determine if update is available
Server: GitHub Releases API
NOT sent: Any personal data or usage information
Security Measures
Network Security
Local Network Only
AirShare works exclusively on your local network:
- ✅ Files never leave your network
- ✅ No internet upload required
- ✅ No cloud intermediaries
- ✅ Direct peer-to-peer transfer
Encrypted Transfers
All file transfers use TLS 1.3 encryption:
Sender → [TLS 1.3 Encryption] → Receiver
- Industry-standard: Same encryption as online banking
- End-to-end: Encrypted from sender to receiver
- Certificate validation: Prevents man-in-the-middle attacks
- Perfect forward secrecy: Each session has unique keys
QUIC Protocol
AirShare uses QUIC (Quick UDP Internet Connections):
- Built-in encryption: TLS 1.3 is integral to QUIC
- Secure by design: Can't use QUIC without encryption
- Modern protocol: Developed by Google, used by Chrome
- Authenticated packets: Prevents tampering
File Integrity
Hash Verification
Every file transfer includes SHA-256 hash verification:
- Sender: Calculates SHA-256 hash of file
- Transfer: Sends hash along with file
- Receiver: Calculates hash of received file
- Verification: Compares hashes
- Result: Transfer fails if hashes don't match
This guarantees:
- ✅ File wasn't corrupted during transfer
- ✅ File wasn't tampered with
- ✅ You received exactly what was sent
Application Security
Code Signing (Updates)
All AirShare updates are cryptographically signed:
- Signing key: Held securely offline
- Verification: App verifies signature before installing
- Tamper-proof: Modified updates are rejected
- Authentic: Guarantees update is from official source
Automatic Updates
Updates are secure and opt-in:
- Check for updates: Automatic (can disable)
- Download updates: Manual or automatic (your choice)
- Install updates: Always requires your approval
- Signature verification: Always automatic
Local Database Encryption
Transfer history database:
- SQLite database on your device
- Standard file permissions
- Only accessible by AirShare and you
- Not encrypted by default (contains no sensitive data)
License information:
- Encrypted with platform keychain/credential manager
- Windows: Windows Credential Manager
- macOS: Keychain
- Linux: Secret Service (GNOME Keyring, KWallet)
Privacy Features
Invisible Mode
Hide your device from others:
- Settings → Privacy → Visibility
- Disable "Visible to others"
When invisible:
- ✅ You can still see others
- ✅ You can send files
- ❌ You won't appear in others' Radars
- ❌ You can't receive files
Use case: When you want to send but not receive
Transfer Permissions
Control who can send you files:
- Settings → Privacy → Transfer Permissions
- Choose mode:
- Ask every time: Manual approval (most secure)
- Auto-accept from known devices: Trusted senders only
- Block all: Reject everything
Recommendation: Use "Ask every time" on public/work networks
File Type Filtering
Block potentially dangerous files:
- Settings → Privacy → File Types
- Options:
- Block executable files: Blocks .exe, .bat, .sh, .app, etc.
- Custom filter: Only allow specific extensions
Recommendation: Enable executable blocking for safety
History Privacy
Control history retention:
Disable history completely:
- Settings → Privacy → History → Disable "Save transfer history"
- No records kept at all
Auto-delete old entries:
- Settings → Storage → History Retention
- Auto-delete after 30/90/365 days
Manual clearing:
- Settings → Storage → "Clear All History"
- Immediately deletes all records
What Others Can See
In the Radar
When you appear in someone's Radar, they see:
Visible:
- ✅ Your device name (what you set in Settings)
- ✅ Your operating system icon (Windows/macOS/Linux)
- ✅ Your online/offline status
NOT visible:
- ❌ Your files or folders
- ❌ Your IP address (only know you're on same network)
- ❌ Your computer name/hostname
- ❌ Personal information
- ❌ What you're doing
During Transfers
When sending/receiving files:
Visible to other party:
- ✅ File names being sent
- ✅ File sizes
- ✅ Transfer progress
- ✅ When transfer starts/completes
NOT visible:
- ❌ File contents (encrypted)
- ❌ Other files on your system
- ❌ Your file system structure
- ❌ Your other transfers
To Network Administrators
On corporate/managed networks, admins can see:
Visible in network logs:
- ✅ Traffic is happening (encrypted UDP packets)
- ✅ Source and destination IP addresses
- ✅ Approximate data volume
- ✅ Port numbers used
NOT visible:
- ❌ What files are being transferred (encrypted)
- ❌ File names (encrypted)
- ❌ File contents (encrypted)
Recommendation: Check your organization's IT policies regarding file sharing.
Threat Model
What AirShare Protects Against
✅ Eavesdropping: Encryption prevents network sniffing
✅ Tampering: Hash verification detects modifications
✅ Impersonation: Certificate validation prevents MITM
✅ Corruption: SHA-256 ensures file integrity
What AirShare Doesn't Protect Against
❌ Malicious files: AirShare transfers files as-is (use antivirus)
❌ Social engineering: Verify sender before accepting
❌ Compromised devices: If sender's device has malware
❌ Physical access: Someone with access to your computer
Open Source Security
Public Audit
AirShare is open source:
- Source code: GitHub Repository
- Audit: Anyone can review the code
- Issues: Report security issues on GitHub
- Contributions: Community can improve security
Security Audits
We welcome security audits:
- White-hat hackers encouraged
- Responsible disclosure appreciated
- Security issues get priority fixes
- Credit given to reporters
Report vulnerabilities: security@airshare.com
Best Practices
Stay Secure
- Verify senders: Don't accept files from unknown devices
- Use trusted networks: Avoid public WiFi for sensitive files
- Scan files: Use antivirus on received files
- Block executables: Enable executable file blocking
- Keep updated: Install security updates promptly
- Strong device names: Avoid names that reveal sensitive info
- Review history: Regularly check transfer history
- Clear history: Delete history of sensitive transfers
Privacy Settings Recommendations
Maximum Privacy
✅ Disable history: Settings → Privacy → History → Off
✅ Invisible mode: Settings → Privacy → Visibility → Off
✅ Ask every time: Settings → Privacy → Transfers → Ask every time
✅ Block executables: Settings → Privacy → File Types → Block executables
✅ No auto-updates: Settings → System → Updates → Manual only
Balanced Privacy & Convenience
✅ History: Auto-delete after 90 days
✅ Visible to others: Enabled
✅ Ask every time: Enabled (or auto-accept for known devices)
✅ Block executables: Enabled
✅ Auto-update check: Enabled (auto-install: Disabled)
Maximum Convenience
✅ Keep all history: Enabled
✅ Visible to others: Enabled
✅ Auto-accept: From known devices
✅ File types: Allow all
✅ Auto-updates: Fully automatic
Choose the balance that fits your needs!
Compliance
GDPR (European Union)
AirShare is GDPR-friendly:
- No personal data collection: We don't collect personal data
- Local processing: All data stays on your device
- Data portability: Export your history anytime (CSV)
- Right to deletion: Clear history anytime
- No profiling: We don't profile users
CCPA (California)
AirShare complies with CCPA:
- No selling of data: We don't collect data to sell
- No sharing: Your data isn't shared with third parties
- Opt-out: All data collection is optional (can disable history)
Other Regulations
AirShare's privacy-first design naturally complies with most data protection regulations worldwide.
Transparency
No Hidden Features
AirShare has:
- ❌ No telemetry
- ❌ No analytics
- ❌ No tracking pixels
- ❌ No ads
- ❌ No data mining
- ❌ No selling of data
Changes to Privacy Policy
If we ever need to collect data (e.g., for new features):
- We'll update this privacy documentation
- You'll be notified in-app
- New data collection will be opt-in
- You can always disable or opt-out
Questions About Privacy?
Have privacy concerns or questions?