Foldvia Privacy Policy
Effective date: 〔YYYY-MM-DD〕
Foldvia ("Foldvia", "the App", "we", "us") is a desktop application published by Laventis Strategic Ltd (元構策略有限公司) ("Laventis", the "Company"), a company registered in Taiwan (R.O.C.).
This Privacy Policy explains what data the App can access, what data (if any) leaves your device, how it is handled, and the choices you have. It covers the entire Foldvia desktop application, including its connections to third-party cloud storage providers, the optional Foldvia Cloud backup feature, and optional error reporting.
1. The core principle: Foldvia is local-first
By default, Foldvia runs entirely on your own device. It organizes, browses, and cleans files on your computer and on the cloud accounts you connect. In normal use there is no Foldvia server in the path of your files: there is nothing to sign up for, and the App does not phone home, show advertising, or collect usage analytics.
Data leaves your device in only the few, specific situations listed in Section 3 below — each one is either a direct connection you initiate to your own cloud provider, or an explicitly optional feature you turn on. If a data flow is not listed in Section 3, it does not exist in this version.
2. Data that stays on your device
Foldvia keeps the following on your computer only. None of it is automatically transmitted anywhere:
- Operation journal — a local record of file operations, so the App can
report honestly what it did (stored under your user profile,
~/.filepal/). - Session snapshots — when you run a cleanup, a local manifest of what was removed and how it could be rebuilt; stored locally and automatically limited in number.
- Preferences — language, theme, and similar settings (a local database).
- License — if you buy a paid tier, a signed license file recording your tier and entitlements. It contains no personal-data fields.
- Cloud / OAuth credentials — see Section 5.
This data is removed when you delete it within the App, delete your ~/.filepal/
folder, or uninstall the App.
3. When data leaves your device (the complete list)
3.1 Connecting your own cloud storage (direct, no Foldvia server)
When you connect a cloud account — for example Google Drive, Microsoft OneDrive, Amazon S3 or S3-compatible storage, Cloudflare R2, Backblaze B2, Wasabi, Google Cloud Storage, or Azure Blob Storage — the App communicates directly from your computer to that provider's API. Your files and file metadata flow between your device and that provider only. They do not pass through, and are not stored on, any Laventis or Foldvia server. The App uses this access only to provide the unified, browsable, on-device file experience across the clouds you connect.
3.2 Foldvia Cloud backup (optional; the one feature that uploads to us)
Foldvia Cloud is the only situation in which your file contents are sent to and stored on our infrastructure, and it happens only by your explicit action — you choose specific files and confirm the upload. If you never enable it, no file contents ever leave your device through this path.
- What we receive: the byte contents of the files you choose to back up, plus a SHA-256 hash of each file (used to avoid storing duplicate copies).
- What we do not receive: your file names, local paths, or folder structure — backed-up objects are keyed by content hash, not by name or location.
- Encryption: uploaded contents are stored as you sent them and are not additionally encrypted at rest by Foldvia in this version. Do not use Foldvia Cloud for data requiring at-rest encryption guarantees. (Transport uses HTTPS.)
- Deletion: in this version there is no self-service delete for Foldvia Cloud objects; to have backed-up content removed, contact support (Section 10). Self-service deletion is planned for a future version.
3.3 Error reporting (optional; off by default)
Foldvia can send anonymized crash and error reports to help us fix defects, using the third-party service Sentry. This is opt-in and turned OFF by default. Nothing is sent unless you explicitly enable "error reporting" in Settings; the App explains exactly what is and is not sent on that screen, and the choice takes effect after a restart.
When (and only when) you enable it, a report may include the error message and a stack trace, with sensitive content scrubbed before sending: absolute file paths are reduced to a bare file name, and bearer tokens, secrets, and long base64 strings are masked. We do not send, through error reporting: behavioral telemetry, usage statistics, file contents, or full file paths.
3.4 Links that open your browser
Choosing certain actions (for example an upgrade or "learn more" link) opens the link in your default web browser, which leaves the App. Your browser, not Foldvia, governs what happens next.
4. Google Drive — Limited Use disclosure (Google API Services User Data Policy)
If you connect Google Drive, Foldvia requests the drive.readonly
scope (read-only access to your Drive files, including their contents). With your authorization,
the App can read file/folder metadata (name, file ID, size, MIME type, parent
relationships, and where available the md5Checksum), read your Drive
storage quota, and download file contents when you choose to
open, view, or transfer a specific file. The integration is read-only — Foldvia
does not modify, delete, or upload to your Google Drive.
Foldvia's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Concretely:
- We use Google user data only to provide and improve the user-facing file-browsing features that are visible and prominent in the App.
- We do not transfer this data to others except as necessary to provide or improve those features (with your consent), for security purposes, to comply with applicable law, or as part of a merger or acquisition.
- We do not use this data for advertising, including retargeting, personalized, or interest-based advertising.
- We do not sell this data, and we do not allow humans to read it, except where you give affirmative consent for specific files, it is necessary for security or to comply with law, or the data has been aggregated and anonymized.
- We do not use this data to create, train, or improve any generalized artificial-intelligence or machine-learning model.
5. How your credentials are stored
When you authorize a cloud account, the resulting access tokens, refresh tokens, or access keys are stored locally on your device using the operating system's secure credential facilities:
- Windows: encrypted with the Windows Data Protection API (DPAPI,
CryptProtectData) under your user account and written to a per-user, access-restricted file. The ciphertext cannot be decrypted by another user or on another machine. - macOS: the system Keychain.
- Linux: the Secret Service (e.g. via libsecret).
These credentials are never transmitted to Laventis and are used by the App only to authenticate the requests your device sends directly to each provider.
6. What we never do
- We do not sell, rent, or trade your data.
- We do not show advertising in the App.
- We do not collect behavioral telemetry or usage analytics.
- We do not build advertising or AI/ML training datasets from your files or cloud data.
- Apart from the optional Foldvia Cloud backup you explicitly enable (Section 3.2), we do not receive or retain copies of your file contents or metadata on our infrastructure.
7. Data retention and your choices
- On-device data: removed when you delete it in the App, delete your
~/.filepal/folder and OS credential entries, or uninstall. - Connected clouds: disconnect an account in the App to delete its locally stored credentials; this does not delete any files in your cloud account. You can also revoke access from the provider (for Google: https://myaccount.google.com/permissions).
- Foldvia Cloud backup: contact support for removal in this version (self-service deletion planned for a future version).
- Error reports: retained by Sentry according to our configured retention; turning the feature off stops any further reports.
8. Children
Foldvia is not directed to children and is intended for users who are old enough to hold the relevant accounts.
9. Changes to this policy
We may update this Privacy Policy. Material changes will be posted at this URL with an updated effective date; where required, we will request renewed authorization.
10. Contact
Laventis Strategic Ltd (元構策略有限公司)
Registered address: 4F., No. 398, Sec. 1, Keelung Rd., Xinyi Dist., Taipei City 110612,
Taiwan (R.O.C.)
〔中文:中華民國臺灣臺北市信義區基隆路一段398號4樓〕
Business registration number (統一編號): 62063155
Contact: support@foldvia.com (transitional, until the mailbox is live: Laventisone@gmail.com)