SkipStone is a peer-to-peer (P2P) file-sharing app for iOS, Android, macOS, Windows, and the web. This Privacy Policy explains what information we collect, how we use it, and the choices you have. Our core design principle is simple: your files transfer directly between devices and their contents are never stored on our servers.
This policy applies to the SkipStone mobile and desktop apps, the web app at app.skipstoneapp.com, and this website. SkipStone is provided by MyliusTech LLC ("SkipStone," "MyliusTech," "we," "us," or "our"), located at 169 Madison Ave STE 74756, New York, NY 10016. Contact: support@myliustech.com · myliustech.com.
- How SkipStone works (and why it matters for privacy)
- Information we collect
- Your files, photos, and transfers
- Device permissions
- How we use information
- When we share information
- Third-party services
- Data retention & deletion
- Security
- Your privacy rights (GDPR / UK GDPR / CCPA)
- Children's privacy
- International data transfers
- Changes to this policy
- Contact us
1. How SkipStone works (and why it matters for privacy)
SkipStone sends files directly between devices using one of three transport methods, chosen automatically based on what's available:
- Internet (peer-to-peer): a direct, encrypted WebRTC connection between devices. To establish the connection, devices exchange small "signaling" messages (such as session descriptions and network candidates) through our Firebase backend, and use public STUN servers to discover how to reach each other. The file itself travels directly between the devices, not through our servers.
- Local Wi-Fi: when devices are on the same network, they discover each other using local network (mDNS/Bonjour) and transfer files directly over that network.
- Bluetooth: when no network is available, devices connect and transfer over Bluetooth Low Energy.
In all three cases, we do not receive, inspect, or store the contents of the files you send or receive. We process only the limited account and coordination data described below.
2. Information we collect
| Category | Examples | Why we collect it |
|---|---|---|
| Account information | Email address and authentication credentials (managed by Firebase Authentication) | To create and secure your account and sign you in |
| Profile information | Display name and the profile icon/avatar image you choose | So your contacts can recognize you and your devices |
| Device information | Device names, an app-generated device ID, device type, and a chosen device icon | So your own devices and friends' devices can find and connect to each other |
| Connections / contacts | Friend relationships you create (e.g., by scanning a QR code or sending an invite) and pending connection/transfer requests | To let you send files to people you've connected with |
| Signaling & connection metadata | Temporary WebRTC offers/answers, ICE candidates, and IP/network information needed to establish a direct connection | To set up a direct device-to-device transfer (this is not file content) |
| Purchase information | Subscription/purchase status and identifiers for SkipStone paid features, processed via RevenueCat and the Apple App Store or Google Play | To provide and manage paid features. We do not receive your full payment card details. |
| Push notification tokens | Device push tokens from Apple Push Notification service / Firebase Cloud Messaging | To notify you of incoming transfers and connection requests |
| Technical & diagnostic data | App version, device/OS type, and limited logs or crash/error information | To keep the service reliable and troubleshoot problems |
We do not sell your personal information, and we do not use it for cross-app advertising or tracking.
3. Your files, photos, and transfers
When you send a file, SkipStone accesses it on your device only to transmit it to the recipient device. File contents are transferred peer-to-peer and are not uploaded to or stored on SkipStone's servers. Files you receive are saved to your device's storage (for example, your Photos library or a SkipStone folder), according to the permissions you grant. We do not retain copies of received files.
Because transfers can be device-to-device with no SkipStone server in the path, you are responsible for who you connect with and what you send. Only connect with people and devices you trust.
4. Device permissions
SkipStone requests certain device permissions to function. You can grant or revoke these in your device settings:
- Bluetooth: to discover nearby devices and transfer files when offline.
- Local Network (iOS): to find devices on the same Wi-Fi network for fast local transfers.
- Camera: to scan a friend's QR code when adding a connection.
- Photos / Files / Storage: to select files to send and to save files you receive.
- Notifications: to alert you to incoming transfers and connection requests.
If you decline a permission, the related feature may not work, but you can still use the rest of the app.
5. How we use information
- To authenticate you and operate your account.
- To let your devices and approved contacts discover one another and establish transfers.
- To deliver notifications about transfers and connection requests.
- To provide, manage, and restore paid features and subscriptions.
- To maintain security, prevent abuse, and debug and improve the service.
- To comply with legal obligations and enforce our Terms of Service.
6. When we share information
We share personal information only in these limited circumstances:
- With people you connect to: when you add a friend or send a transfer, your display name, profile icon, and device names are shared with that connection so the transfer can happen.
- With service providers: the third parties listed below, who process data on our behalf to run the service.
- For legal reasons: if required by law, regulation, legal process, or to protect the rights, safety, and property of SkipStone, our users, or others.
- In a business transfer: in connection with a merger, acquisition, or sale of assets, subject to this policy.
We do not sell or rent your personal information to third parties.
7. Third-party services
SkipStone relies on the following providers. Their handling of data is governed by their own privacy policies:
- Google Firebase — Authentication, Cloud Firestore (account, device, friend, and signaling data), Cloud Storage, and Cloud Messaging (push notifications).
- Public STUN servers — used during WebRTC connection setup to help devices locate one another across networks.
- RevenueCat — manages subscription/purchase entitlements for paid features.
- Apple App Store / Google Play — process payments and distribute the app; they handle your payment information directly.
8. Data retention & deletion
We keep account, profile, device, and connection data for as long as your account is active. Temporary signaling and connection-request data is short-lived and removed once it is no longer needed to complete a connection. We retain limited records longer where required for legal, security, or fraud-prevention purposes.
You can delete your account at any time from within the app (Profile → Delete Account), which removes your account and associated profile, device, and friend records. You may also email support@myliustech.com to request deletion.
9. Security
We use industry-standard safeguards, including encrypted connections for peer-to-peer transfers (WebRTC/DTLS) and the security controls provided by our infrastructure partners. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security. Keep your account credentials confidential and only connect with trusted devices and people.
10. Your privacy rights
EEA / UK (GDPR)
If you are in the European Economic Area or the United Kingdom, you have rights to access, correct, delete, restrict, or object to processing of your personal data, and to data portability. Our legal bases for processing are: performance of our contract with you (to provide the service), your consent (e.g., for certain device permissions), and our legitimate interests (security, abuse prevention, and improving the service). You may lodge a complaint with your local data protection authority.
California (CCPA/CPRA)
California residents have the right to know what personal information we collect, to request deletion or correction, and to opt out of "sale" or "sharing" of personal information. We do not sell or share your personal information as those terms are defined under California law. You will not be discriminated against for exercising your rights.
To exercise any of these rights, contact support@myliustech.com. We may need to verify your identity before responding.
11. Children's privacy
SkipStone is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, contact us and we will delete it.
12. International data transfers
Your information may be processed and stored in countries other than your own, including the United States, where our service providers operate. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for such transfers.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will revise the "Last updated" date above and, for material changes, provide additional notice in the app or by email. Your continued use of SkipStone after an update means you accept the revised policy.
14. Contact us
Questions or requests about your privacy? Email support@myliustech.com or write to MyliusTech LLC, 169 Madison Ave STE 74756, New York, NY 10016.
← Back to SkipStone