Privacy

Last updated: 2026-05-01

transfqr is built around a single principle: the data you transfer never leaves the two devices you are transferring between. This page describes exactly what we do and don't collect.

What transfqr does NOT do

• We do not have a server. There is no transfqr backend that receives your files.
• We do not collect, transmit, or store the contents of files you transfer.
• We do not collect file names, file types, or file metadata.
• We do not require an account, email, phone number, or any identifier.
• We do not access your contacts, photos, or location.
• We do not track you across apps, websites, or devices.

What transfqr DOES do

File transfer (always on, fully offline)

When you send a file, the app reads it from device storage, splits it into chunks, and renders the chunks as QR codes on screen. The receiving device reads those QR codes through its camera and reconstructs the file locally. No network is involved at any step.

The app declares the following native permissions:

• Camera — to scan QR codes from the sender's screen (receiver mode).
• Storage — to read the source file (sender) and write the received file (receiver).
• Photos — to auto-save received images and videos to your library (you can decline).
• Vibration — for haptic feedback on transfer events.

Crash reporting via Sentry (opt-in)

If you have not opted out in Settings, the app sends crash reports containing a stack trace of the error and anonymous device metadata (OS version, app version, device model class). Crash reports never include file names, file contents, file sizes, or any identifier that could be linked back to you.

Anonymous usage analytics via PostHog (opt-in by user, default OFF)

If you opt in via the consent prompt on first launch, the app sends anonymized event data:

• Mode selection (sender / receiver)
• Transfer start, complete, abort
• File size bucket (e.g. "100KB-1MB", never the exact size)
• Transfer duration bucket
• Failure reason category

We do not send file names, contents, hashes, IPs, or any identifier. PostHog runs on us.posthog.com and is configured with disableGeoip: true. You can change your analytics choice anytime in Settings.

Data retention

• File transfers leave nothing on disk beyond what your OS already does.
• Crash reports are retained per Sentry's defaults (90 days).
• Analytics events are retained per PostHog's defaults.

Children

transfqr is not directed at children under 13. We do not knowingly collect any data that could identify a child.

Contact

Privacy questions: privacy@transfqr.com