Privacy Policy

1. The "Zero-Knowledge" Principle

FlashMesh is designed as a direct bridge between your local equipment and your private cloud providers (Google Drive and Dropbox). We operate on a Zero-Knowledge Architecture. This means we never see, store, or transmit your files through our own servers.

2. Data We Access

When you connect Google Drive or Dropbox, FlashMesh requests access scope only for its own application folder. We do not have access to your entire drive unless explicitly permitted for migration purposes.

• Authentication Tokens: OAuth tokens are stored locally on your device (Encrypted) or in your browser's LocalStorage. They are never sent to FlashMesh servers.
• File Metadata: Manifests (.oro files) are stored in your private cloud. FlashMesh reads these to reconstruct your file tree.

3. Encryption & Security

All data is encrypted end-to-end using AES-GCM 256-bit encryption before it leaves your device. Your encryption keys are derived from your master password and are never transmitted. If you lose your master password, your encrypted data cannot be recovered by FlashMesh.

4. Third-Party Analytics

FlashMesh does not use third-party tracking pixels or behavioral analytics. Your usage patterns are your business.

5. Changes to This Policy

As FlashMesh evolves, we may update this policy. Users will be notified via the application dashboard when significant changes occur.