FileManager by Clappe

Security & Privacy

We built FileManager around a simple principle: a file manager should never need to see your files.

Local-first by design

Every file operation runs on your machine. We do not relay your data through any cloud service, ever. When you connect to S3 or Google Drive, the connection is between your machine and that provider — we are not in the middle.

Credentials stay in your OS keychain

API tokens, SSH keys, and OAuth refresh tokens are stored in your platform keychain (Keychain on macOS, Credential Manager on Windows, libsecret on Linux). They never appear in our logs and never transit our infrastructure.

AI runs locally

The AI assistant talks to your local Ollama install. We do not proxy AI requests through any hosted model. No API keys, no rate limits, no per-token billing — and no file contents leaving your machine.

No telemetry by default

The desktop app does not phone home. Auto-update checks fetch a static manifest; nothing about your usage is reported. If you opt into anonymous diagnostics later, you can audit exactly what is sent in Settings → Privacy.

Responsible disclosure

Found a security issue? Email security@clappe.com. We aim to acknowledge within 24 hours and ship a patch within 14 days for high-severity issues. Please do not file public GitHub issues for security reports.

We currently do not operate a paid bug-bounty program but will publicly credit reporters (with permission) in the release notes for each fix.

Code signing & updates

All macOS and Windows installers are code-signed with our Apple Developer ID and Windows EV certificate. The Tauri auto-updater verifies an Ed25519 signature on every update before applying it; a tampered update is rejected, not installed.

Linux .AppImage and .deb / .rpm packages include detached signatures published alongside each release on GitHub. SHA-256 checksums are published for every artifact.

Source-available

FileManager is published under the PolyForm Shield 1.0.0 license. You can read every line of the desktop code on GitHub and build it yourself. That means our claims above are auditable, not just marketing copy.