Skip to content
SADFinder

Privacy Policy

Last updated · July 15, 2026

SADFinder is local-first: browsing, searching, and managing files never leaves your Mac. The desktop app touches the network only for the specific, user-visible purposes listed below. This policy covers those, plus the small amount of data the website handles to manage your account and license.

Who controls your data

SADFinder is operated by APLICATII ANDROID PLUS S.R.L., which is the data controller for the information described here. It is a Romanian limited liability company with its registered office at Calea Floreasca nr. 169, etaj 6, camera 12, Sector 1, Bucharest, Romania (Romanian Trade Register no. J2015003513408, C.U.I. 3427080). For any question about your data, email hello@sadfinder.com.

What the desktop app sends

The SADFinder app on your Mac does not transmit to SADFinder servers:

  • File names, paths, contents, folder structures, or filesystem metadata.
  • Analytics, usage statistics, or advertising identifiers.
  • Your Apple ID or iCloud identity.
  • Cloud-storage OAuth tokens — these stay in the macOS Keychain on your Mac and are never sent to SADFinder servers.

Licensing

The app contacts our server to (a) activate your license on a new Mac and (b) revalidate the license once every 7 days. Those requests contain only your license key, a machine identifier we generate locally on first launch, and basic metadata (macOS version, app version, device name as set in System Settings).

Software updates

The app periodically fetches the signed update feed from sadfinder.com and downloads updates from our servers. Update requests carry no account information.

Crash reports (optional, off by default)

If you enable crash reports in Settings → Privacy & Diagnostics, crash and diagnostic reports are sent to our error-monitoring processor (Sentry). They contain stack traces and app/macOS version information — never your file contents. The toggle is off by default and can be turned off at any time.

Optional cloud integrations (Dropbox, Google Drive, OneDrive)

These are off until you connect an account yourself, in Settings or from a cloud action in a context menu. When you do:

  • Authorization happens directly between your browser and Dropbox, Google, or Microsoft (OAuth). SADFinder never sees your password.
  • Access and refresh tokens are stored only in the macOS Keychain on your Mac. SADFinder servers never receive them.
  • SADFinder keeps non-secret account identity (name, email, account ID) and its association with a local sync folder on your Mac, so an action can never go through the wrong account.
  • When you invoke a cloud action (copy web link, view on web, file info, version history), SADFinder requests metadata, existing web URLs, and revision metadata for the selected items directly from that provider. File contents are never uploaded or downloaded through these APIs, and nothing about your cloud files is sent to SADFinder servers.
  • Requested permissions are deliberately narrow: Dropbox — file metadata and shared-link management (files.metadata.read, sharing.read, sharing.write); Google Drive — read-only file metadata (drive.metadata.readonly) plus basic profile; OneDrive — read-only file access (Files.Read, User.Read).
  • “Make available offline” downloads files through the provider’s own desktop app (macOS File Provider), not through provider APIs or our servers.
  • You can disconnect an account in Settings at any time, which deletes its tokens from the Keychain. You can additionally revoke SADFinder in the provider’s security dashboard (Dropbox, Google, Microsoft). Data processed by a provider is governed by that provider’s own privacy policy.

Google Drive data handling

SADFinder handles Google Drive user data only after the user deliberately connects an account and invokes a Google Drive feature. SADFinder does not create aggregated, anonymized, or derived datasets from Google user data.

  • Data accessed: basic Google account identity (account ID, display name, and email address) and read-only Drive metadata needed for the selected item: file or folder name and ID, MIME type, size, timestamps, parent and shared-drive identifiers, checksum, resource key, capabilities, shortcut metadata, existing web URL, and revision metadata. SADFinder does not access file contents through the Drive API.
  • Data use: locating a locally synchronized item in the user's Drive account and providing the user-requested copy/open web link, file information, and version-history features. Google user data is not used for advertising, analytics, profiling, credit or lending, or any unrelated purpose.
  • Data transfer and sharing: Drive API requests travel directly over HTTPS between the user's Mac and Google. Google user data is never sent to SADFinder servers, sold, or shared with advertisers, data brokers, other third parties, or third-party AI/ML services.
  • Protection: OAuth access and refresh tokens are stored in the macOS Keychain. The non-secret account-to-local-folder mapping is stored only in the user's private Application Support directory. Tokens and Google Drive user data are not written to SADFinder logs.
  • Retention and deletion: Drive metadata returned for an action is kept only for the time needed to complete that action and display its result; SADFinder does not retain a server-side copy. Disconnecting deletes the account's OAuth tokens from the Keychain. A non-secret account identifier and local-folder association may remain on the Mac to prevent a future reconnection from silently using the wrong account; the user can remove that association by unassigning the local root in Settings or by deleting SADFinder's local app data.
  • AI/ML: SADFinder does not use Google Workspace user data to develop, improve, or train generalized or personalized AI/ML models, and does not transfer that data to any service for AI/ML training.

Google API Services User Data Policy — Limited Use

SADFinder's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

The use of raw or derived user data received from Google Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

What the website handles

DataWhyRetained
Email addressIdentifying your account, billing receipts, magic-link sign-inWhile your account exists
Name (optional)Receipts and personalizationWhile your account exists
Stripe customer ID and subscription metadataBillingWhile the account exists, plus required retention
License key and activated devicesLicense enforcementWhile the license is active
Session cookieKeeping you signed in (30 days)Until you sign out or it expires
IP and User-Agent on each sessionDetecting suspicious sign-ins90 days
Audit log entriesSecurity investigations180 days
Public website analytics, session recordings, heatmaps, and advertising eventsUnderstanding traffic, referrals, page engagement, ad performance, usability issues, and trial-start clicksStored in Google Analytics, Microsoft Clarity, Meta Business tools, TikTok Ads, Reddit Ads, and X Ads according to their retention settings
Temporary ad attribution contextSending server-side checkout, trial, and purchase conversion eventsUp to 90 days in Cloudflare KV

Where data lives

Application data is stored in Cloudflare D1 (SQLite) and Cloudflare KV, with replicas across Cloudflare's global edge. Email is sent through Resend. The public website uses Google Analytics, Microsoft Clarity, Meta Pixel, Meta Conversions API, TikTok Pixel, TikTok Events API, Reddit Pixel, Reddit Conversions API, X Pixel, and X Ads Conversions API for analytics, usability, session recording, heatmap, and advertising measurement on public marketing pages. Payments and invoices are processed by Stripe — see their privacy policy for what they store.

What we don't do

  • We don't sell or rent your data.
  • We don't load third-party analytics in the desktop app or account dashboard.
  • We don't send file names, license keys, passwords, or payment card details to advertising platforms.
  • We don't fingerprint your browser.

Cookies

Required account cookies are first-party:

  • sadf_sess — HMAC-signed session cookie. HTTP-only, secure, SameSite=Lax. Lifetime 30 days.
  • sadf_csrf — anti-CSRF token. Lifetime 2 hours, SameSite=Strict.

On public site pages, Google, Microsoft Clarity, Meta, TikTok, Reddit, and X may set cookies or receive browser and server-side events to measure page views, clicks, scrolls, page engagement, usability issues, outbound clicks, ad performance, checkout-start events, trial starts, and paid invoices. Microsoft Clarity masks sensitive content by default. We do not send file names, license keys, passwords, or payment card details to Google Analytics, Microsoft Clarity, or advertising platforms.

Your rights (GDPR / California)

You can email hello@sadfinder.com at any time to:

  • Get a copy of your data.
  • Correct anything that's wrong.
  • Delete your account. After confirmation we wipe your data within 30 days, except where retention is legally required (e.g. Stripe billing records).

Children

SADFinder isn't directed at children under 16. We don't knowingly collect data from them.

Changes

We'll update this page when our practices change. The "last updated" date at the top reflects the most recent material change. Significant changes get an email.

Contact

Reach out at hello@sadfinder.com.