Tiflo Terminal — Privacy Policy

Last updated: 9 June 2026

Tiflo Terminal (“the app”, “we”) is an accessibility-first file manager and terminal for Android. This policy explains what data the app handles and how. The guiding principle is simple: Tiflo Terminal has no servers of its own — your data stays on your device. We do not operate a backend, we do not collect analytics, and we never receive, store, or transmit your files or credentials to us or to any third party other than the service you choose to connect to.

1. Data the app accesses

• Cloud storage (Google Drive, Dropbox, OneDrive). When you choose to connect an account, you sign in directly with that provider and grant the app permission to read and write your files there. The app talks to the provider’s API directly from your device to list, open, upload, download, rename, move, and delete the files you act on. None of this content passes through any server we control.
• Remote servers (SFTP, FTP and FTPS, SMB, WebDAV, S3-compatible storage). Connections you configure are made directly from your device to the server you specify.
• On-device and removable storage. With your permission, the app manages files in your device storage and on connected USB or removable drives. This happens entirely on the device.
• Terminal sessions. Local shells and any SSH connections you start run directly between your device and the host you choose.

2. How the app stores credentials

OAuth refresh tokens (for the cloud services) and the usernames, passwords, and keys you enter for remote servers are stored only on your device, encrypted with a key held in the Android Keystore (AES-256-GCM). They are used solely to maintain the connections you set up, and are never sent to us.

3. Google user data — Limited Use

The app’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, your Google Drive data is accessed only on your device to provide the file-management features you request; it is never transferred to a developer server, is not used for advertising, is not sold, and is not used for any purpose other than providing the app’s features to you.

4. Data we collect

None. The app contains no analytics, no advertising SDKs, and no telemetry. We do not create accounts on our side and we keep no database of users.

5. Permissions

The app requests only the permissions its features need — for example, All-Files access so the file manager can manage your storage, network access for your connections, and notifications for background transfers. Each permission is used solely for the stated feature.

6. Revoking access

You can disconnect any cloud account or delete any saved server inside the app at any time, which removes the stored credentials from your device. You can also revoke the app’s access from the provider’s own security settings (your Google, Dropbox, or Microsoft account pages).

7. Children

The app is a general-purpose utility and is not directed at children.

8. Changes

If this policy changes, the updated version will be posted at this address with a new “last updated” date.

9. Contact

Questions about this policy: tifloterminal@salv.is.