Privacy Policy

Effective date: 9 June 2026 · Applies to the Duet mobile app (iOS and Android).

Duet does not track you across apps or websites. There is no account, no sign-up, and no servers of ours ever receive what you transfer. What you send goes directly from one device to another and is end-to-end encrypted — we never see it, because it never reaches us. To keep the app stable and understand basic, anonymous usage, Duet uses Google's Firebase Crashlytics and Firebase Analytics — but only after you consent, and you can decline. Duet is free and ad-supported; the ads are non-personalized (no advertising identifier, no cross-app tracking).

What data we collect

Your transfers: none. Duet has no backend for transfers. The files, Wi-Fi credentials, contacts, 2FA codes, and text you send never reach us — they go device-to-device, end-to-end encrypted, and their contents are never written to permanent storage.

Diagnostics & usage (consent-gated): if you allow it, Duet sends Google's Firebase the data needed to keep the app working and improving:

• Crashlytics — crash/error reports: stack traces, app version, OS version, device model, and a random, resettable installation identifier. Never includes transfer contents.
• Analytics — aggregate, anonymous usage: screen/feature events, app/OS version, device model, coarse region, and a random app-instance identifier. Never includes transfer contents and is not used to track you across other apps.

This collection is off by default. Nothing is sent until you consent on first run, and you can withdraw consent any time from Settings → Manage ad & data choices. Google processes this as our data processor under Google's privacy policy and Firebase's terms; it is encrypted in transit and used only in aggregate, never to identify you.

How your transfers work

• What you send travels device-to-device: small items inside a QR code the other phone scans, larger items over a direct connection on your local network.
• All transfers are end-to-end encrypted. For local-network transfers, both devices first show a short visual code you confirm matches, so no one can be in the middle.
• The connection stays on your local network. No transfer data is sent over the internet, and none of it passes through us.
• Transfer contents are never written to permanent storage. Files you choose to save are written only where you direct them via your system's share/save sheet.

"Recently shared" (optional, on-device only)

If you turn it on, Duet keeps a local list of names/labels you approve — never file contents, passwords, keys, or session codes. It lives only on your device, is never transmitted, and you can clear it anytime.

Device permissions and why

• Camera — to scan the transfer QR code. No photos or video are recorded or sent.
• Local network / Internet — to make the direct device-to-device connection on your local network for larger transfers, and for the bundled Google ad/diagnostics SDKs. Your transfer contents are never sent to a server.
• Contacts — only if you choose to save a received contact.
• Files — you pick a specific file via the system document picker; Duet does not browse or index your storage.

Advertising

Duet is free and supported by ads served by Google AdMob, using only non-personalized ads: no advertising identifier (no IDFA; the Android advertising-ID permission is removed) and no cross-app tracking, so Duet shows no App Tracking Transparency prompt. The AdMob SDK still receives the coarse, non-identifying data needed to deliver an ad and prevent fraud (e.g. IP address, device type), handled by Google under its policies. In the EU/EEA you are shown Google's consent form (UMP). The same consent also governs analytics and crash reporting. We use no other trackers.

Tracking

Duet does not track you across apps or websites and does not use an advertising identifier. The diagnostics and usage data above are used only to operate and improve Duet — never to follow you across other apps or build an advertising profile.

Children

Duet is not directed at children and does not knowingly collect personal data from children. Ads are non-personalized, and analytics/crash reporting only run with consent.

Third parties

• Google AdMob — serves the non-personalized ads (above).
• Google Firebase (Analytics + Crashlytics) — the consent-gated diagnostics and aggregate usage data described above, processed by Google as our data processor.

We share no transfer contents and no personal identifiers — we hold none.

Changes to this policy

If we change this policy, we will update the effective date above and post the new version at this URL.

Contact

Questions about privacy: msquaregiza@gmail.com.

Polski (skrót): Duet nie śledzi Cię między aplikacjami. Brak konta i serwerów — to, co wysyłasz, przechodzi bezpośrednio z urządzenia na urządzenie, szyfrowane end-to-end, i nigdy do nas nie trafia. Aby utrzymać stabilność i poznać anonimowe, zbiorcze użycie, Duet korzysta z Firebase Crashlytics i Analytics — ale wyłącznie po wyrażeniu zgody, którą można odrzucić lub wycofać (Ustawienia → Zarządzaj zgodami na reklamy i dane). Reklamy są niespersonalizowane. Kontakt: msquaregiza@gmail.com.