Last updated: November 19, 2025
Personal Information: We do not collect any personal information such as names, email addresses, or phone numbers unless you explicitly provide them (e.g., when signing in with GitHub for repository import).
File Content: For text-based files (JavaScript, Python, Markdown, etc.), all processing happens locally in your web browser. We never receive, store, or have access to these files.
Document Files: For complex documents (PDFs, DOCX, XLSX, PPTX), files are temporarily sent to our server for text extraction, then the extracted text is returned to your browser. These files are:
Usage Data: We collect minimal, anonymized usage statistics via Vercel Analytics (if deployed there):
File Types: .txt, .md, .js, .py, .json, .yaml, .html, .css, and most code files
How it works: Your browser reads the files directly using the File API. The content never leaves your computer. We literally cannot see these files because they're never sent to our servers.
File Types: .pdf, .docx, .xlsx, .pptx
How it works: These complex formats require specialized libraries for text extraction. Files are sent to our API endpoint, processed in memory using libraries like pdfjs-serverless and mammoth, and the extracted text is returned to your browser. The original file is immediately deleted from memory.
HTTPS Encryption: All communication between your browser and our servers is encrypted using TLS/SSL.
No Storage: We do not use databases to store file content. Files processed server-side are never written to disk or persistent storage.
No Logging: We do not log file names, file contents, or any metadata about your uploads.
Session Storage: Your uploaded files are temporarily stored in your browser's sessionStorage to preserve them during GitHub OAuth redirects. This data stays in your browser and is automatically cleared when you close the tab.
Clerk (Authentication): If you choose to sign in with GitHub to use the repository import feature, we use Clerk for authentication. Clerk handles the OAuth flow and stores your GitHub access token securely. We only receive your GitHub username and access token (with read-only permissions). See Clerk's Privacy Policy at clerk.com/legal/privacy
Since we don't collect or store personal data, there's no data to access, correct, or delete. You have complete control over your files:
OneFile is fully open source under the MIT license. You can review our entire codebase, including file processing logic, at:
This transparency allows security researchers and users to verify that we handle files exactly as described in this policy.
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Significant changes will be announced via:
If you have questions about this Privacy Policy or how we handle your data, please: