What we collect
From the website (this page):
- Nothing. There are no analytics scripts, no cookies, no third-party fonts, no third-party CDNs. Your browser fetches HTML, CSS, the logo, and that's it.
- Our web server logs the IP address and timestamp of each request for 14 days for basic abuse defense (rate-limit if anyone tries to flood it). Logs are then deleted.
From the desktop app:
- When you open a room, your device connects to our signaling server and sends the room's id, a display name you pick, and the WebRTC connection handshake (the network info two devices need to find each other). It does not send your messages.
- If your network is too restrictive for a direct connection, your device may fall back to relaying its traffic through our TURN server. That traffic stays encrypted end-to-end — we can see that a relay is happening, not what's in it.
- A message you send while everyone else is offline is held — encrypted — on the signaling server for up to 14 days, then handed to the next person who opens the room and dropped after expiry.
What we can see
Because we operate the signaling server, we can see connection metadata:
- How many devices are connected right now and how many rooms are active.
- That a connection joined a particular room id, and when.
- The display name a device announces for itself.
There are no accounts, so none of this is tied to a real identity, and we don't publish it or build profiles from it. The only number we make public is a simple count of completed downloads — no per-user data, ever.
What we can't see, ever
Once two peers connect, chat and files flow directly
between their devices over an encrypted channel. On top of that, every
room's traffic is sealed with a key carried in the room's invite link —
it lives in the link's # fragment, which never reaches our
servers. So even the parts
that do pass through us — the offline backlog and any
TURN-relayed traffic — are ciphertext we can't open. We cannot intercept,
decrypt, or log any of the following, regardless of what someone might ask
us to do:
- The contents of your messages.
- The files you flipped (or even that a flip happened).
- Your reactions, edits, deletes, or pins.
Room keys are generated on your device and shared only through the invite link you send your friends. We never see them.
Cookies, ads, third parties
The site uses zero cookies. There are no third-party scripts on this page
— no Google Analytics, no Facebook pixel, no Plausible, no Cloudflare
Insights, nothing. The download link is hosted on the same server as the
site; downloading the .exe does not contact any third party.
There is no advertising and no plan to add any. Nothing here is monetized by “data”.
Children
Fliporium isn't designed for, marketed to, or particularly safe for children. If you're under 13, you shouldn't be using it.
Changes
If this page changes, the change shows up in the git history of the site repo (we don't run a stealth A/B framework — what you see here is what's deployed). If we ever start collecting more, we'll announce it loudly on the home page and you can yell at us.
Contact
Reach the maintainer at chris@fliporium.com — see the contact page for details.