FileFlow Privacy Policy

Last updated: Jun 16, 2025 | Effective on: Jun 16, 2025

FileFlow (the "App") developed by Shanghai Youting Network Technology Co., Ltd. is committed to protecting your personal data and privacy. We understand the importance of your personal information and strive to ensure its security and reliability. This Privacy Policy explains how we collect, use, store, and protect your data when you use our device cleaning and file management services ("Services").

Special Notes

This Policy applies to the FileFlow App only, not to third-party services accessed via the App or links.

Under applicable laws (e.g., GDPR), users under the age of 16 must obtain guardian consent to use our Services.

1. How we collect and use your personal data

1.1 To help you clean junk files and manage device data, we collect:
  • Unique Device Identifier (UUID): Obtained from your device system to provide tailored cleaning rules and count user statistics.
  • App names and package names: To match appropriate cleaning rules for installed apps.
  • Suspected junk file paths: To identify files for safe removal.
  • Device and network information: Including manufacturer, model, Android version, network type, WiFi status, language locale, etc.
1.2 To improve our Services, we collect:
  • Exception data (e.g., missing package names, residual paths, slow scan paths).
  • Usage data (e.g., usage times, scan duration, cleaned junk size, cancellation records).
  • Device and app metrics (e.g., app junk size, data volume, RAM/storage capacity).

2. How we store your personal data

2.1 We will only keep your personal data for a period no longer than that necessary for the purpose for which we process your personal data or required by law.

2.2 When we obtain your personal data from a third party, the time limit for us to retain your personal data shall be the shorter of the time required for the above service purposes and the time required by the third party to notify us to delete your personal data.

2.3 However, we may keep retention of your personal data in the following circumstance:

  • if it is within the scope permitted by applicable law;
  • if we believe that the documents containing your personal data may be relevant to any ongoing or potential legal proceedings;
  • if we are to obtain, exercise or protect our legal rights (including providing information to others to prevent fraud and reduce credit risk).

3. Third-party data processors

We may, according to our own business demands, entrust your personal data to a third-party data processor in a form meeting GDPR requirements, so as to provide better service and improve user experience. As for now, we haven't entrusted any third party to process your personal data or share such data with third party. If we do in the future, we will publish the list of data processors and their category, and the scope, purpose and method of shared information among others.

We entrust your personal data to data processor only for legal, proper, necessary, specific and clear purpose, and process personal data necessary to the rendering of service only. We will try our best to supervise data processor to fully perform the entrustment agreement for processing legally, so as to ensure that your rights can be guaranteed to the most extent.

5. How we protect your personal data

5.1 We have used safety protection measures meeting industrial standards to protect the personal data provided by you, and prevent data from unauthorized access, public disclosure, utilization, modification, damage or loss. We will adopt every reasonable and feasible measure to protect your personal data. For example, we regulate the data storage and utilization by setting up the rules for data classification and grading, data security management standards and data security development standards; we will use encryption technique to ensure the confidentiality of data and store personal data and non-personal data separately; we will use reliable protection mechanism to prevent data from hostile attack; we will deploy access control mechanism to ensure that only authorized personnel have access to personal data; the server system that we store the user's personal data is the one with security reinforcement; and we will hold training courses for security and privacy protection, so as to strengthen our employees' understanding about the importance of protecting personal data.

5.2 We will adopt every reasonable and feasible measure to ensure that no irrelevant personal data is collected. We will reserve your personal data only within the period necessary to reaching the goals stated in this Policy, except for otherwise extension of reserving period or allowed by laws.

5.3 We will try our best to ensure or guarantee the security of any information you send to us. We will assume the corresponding legal responsibilities if your legal rights and interests are compromised due to unauthorized access to, public disclosure, manipulation or damage of information as a result of our physical, technical or management safeguards damaged.

5.4 After the personal data leakage, we will, according to the laws and regulations, inform you our contact information, basic situation of the security event and possible impacts, actions we adopted or to be adopted, suggestions relevant to self-leading prevention and risk reduction, remedies to you among others in a timely manner. We will inform you the situation relevant to the event via email, letter, call, notice push and other ways in a timely manner, or in the case of being difficult in informing the subjects of personal data one by one, we will release announcement in a reasonable and effective manner.

5.5 In addition, we will initiatively report the disposal of the security event of personal data according to the requirements of supervision department.

6. Your rights

6.1 Your rights

In accordance with applicable laws, regulations, standards and their established practices, we guarantee that you can exercise over your personal data the rights of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, Right to object and automated individual decision-making. You may send an email to [[email protected]] at any time and we will respond to your request within the reasonable time required by applicable law. It is well noted that:

  • you shall have the right to withdraw your consent, but such withdrawal shall not have retroactive effect;
  • you may at any time request us not to use your personal data for marketing purposes;
  • FileFlow does not involve automatic decision making.
6.2 Responding to your above request
  • In order to ensure security, you may need to provide a written request or otherwise prove your identity. We may ask you to verify your identity before processing your request.
  • We will make a reply within 30 days. If you are not satisfied, you can also lodge a complaint in the way provided in the clause 10.2 of this Policy.
  • For your reasonable request, we do not charge any fee in principle, but we will charge a certain cost for repeated requests beyond the reasonable limit, as the case may be. We may reject those repeated requests without a cause, requests requiring too much technical means (for example, development of a new system or fundamental change of the existing practice is necessary) or posing risks to legal rights and interests of others, or extremely unrealistic requests (for example, involving information stored on the backup tape).
6.3 We will not be able to respond to your request as required by laws and regulations, in the following situations:
  • Directly related to national security and national defence security;
  • Directly related to public safety, public health and major public interests;
  • Directly related to criminal investigation, prosecution, trial, judgment execution, etc.;
  • There is sufficient evidence proving your subjective malice or abuse of rights;
  • Responding to your request will result in serious damage to your legitimate rights and interests or that of bother individuals or organizations.
  • Involving business secrets;
  • Other circumstances specified by applicable laws.

7. How we process the personal data of children

7.1 Our products and services are mainly provided for adults. Children shall obtain their guardian's authorization to use our product or service.

7.2 We regard anyone under 16 years old as a child, despite different definitions of children by local laws and customs.

7.3 Subject to the existing technology and business model, it is difficult for us to actively identify a user to be children or not. Once we find ourselves or are informed of having collected personal data on children without their guardian' prior and verifiable consent, we will try to delete the relevant data as soon as possible.

8. How your personal data transfer across borders

8.1 In principle, your personal data will be stored on the nearest server to avoid potential issues arising from data cross-border transfer. For example, the data of EU users are stored in server located in Ireland or German, the data of Asia users other than Mainland China are stored in server located in Singapore, and the data of North America users are stored in server located in USA.

8.2 We are trying our best to comply with data transfer rules applied in each jurisdiction. We will not transfer your personal data from overseas servers to servers in mainland China without your explicit consent.

9. How this Policy is updated

9.1 We reserve the right to adjust this Policy at any time in accordance with changes in services, adjustments to applicable laws and policies, as well as other affected factors. We will not reduce your rights under this Privacy Policy without your express consent. Any updates to this Policy will be posted on this webpage in the way of marking update time, so please feel free to view and understand the privacy policy you shall observe. If you do not agree to accept this Policy, please stop visiting and using our services.

9.2 For major changes, we will also provide more noticeable notice (including a notification sent by e-mail explaining the specific changes in the privacy policy for certain services).

9.3 Major changes referred to in this Policy include, but are not limited to:
  • Major changes in our service model. For example, the purpose of processing personal data, the type of processed personal data, the use of personal data, etc.;
  • Major changes in our ownership structure, organizational structure, among others. Such as, change of the owner caused by business adjustment, bankruptcy and mergers and acquisitions, and others;
  • Changes in main objects of personal data delegated to be processed;
  • Changes in main objects of personal data publicly disclosed;
  • Major changes in your rights to participate in the processing of personal data and how it is exercised;
  • Upon changes in our department responsible for dealing with the security of personal data, contact information, and complaints channels;
  • Upon high risks indicated in the personal data security impact assessment report.

10. How to contact us

10.1 Please contact us through the following methods, if you have any questions, suggestions or complaints about our privacy policy:

[email protected]

10.2 For data subject located in EU under the jurisdiction of General Data Protection Rules, you may contact [[email protected]] which is designated as representative of Shanghai Youting Network Technology Co., Ltd. ("data controller").

10.3 Generally, we will reply within reasonable time applied in each jurisdiction (say 30 days in EU). If you are dissatisfied with our response, especially if you believe that our acts of processing personal data have caused damage to your legal rights and interests, you can also contact the competent data protection authority or committee for assistance.