← Back to Ferlay

Privacy Policy

Last updated: March 27, 2026

Ferlay ("the App") is an open-source mobile remote control for Claude Code sessions. Your privacy is important to us. This policy explains what data the App handles and how.

Data We Do Not Collect

Ferlay does not collect, store, or transmit any personal information. Specifically:

• No account or registration required
• No analytics or telemetry
• No advertising or ad tracking
• No location data
• No contacts, photos, or media access
• No crash reporting sent to external services

Data Stored Locally on Your Device

The App stores the following data locally using encrypted device storage (Flutter Secure Storage):

• Device ID — A randomly generated UUID used to identify your device to the relay server. This is not linked to your identity.
• Relay URL — The WebSocket endpoint for communication (default: relay.ferlay.dev).
• Paired device ID — The identifier of the daemon you paired with.
• Encryption key — An AES-256 key derived from X25519 key exchange, used for end-to-end encryption.
• Session cache — A local cache of your Claude Code sessions for offline viewing.

All of this data can be deleted at any time by using the "Unpair" option in the App's Settings screen.

Network Communication

The App communicates with a relay server (relay.ferlay.dev by default, or a self-hosted instance) via WebSocket. The relay server is stateless — it only forwards messages between your phone and your computer's daemon in real time. It does not store any messages or data.

All communication between the App and the daemon is end-to-end encrypted using X25519 ECDH key exchange and AES-256-GCM. The relay server only sees opaque ciphertext and cannot read any message content.

Camera Permission

The App requests camera access solely for QR code scanning during the one-time device pairing process. No images or video are captured, stored, or transmitted.

Third-Party Services

Ferlay does not integrate with any third-party analytics, advertising, or tracking services. The only external communication is with the relay server for its core functionality.

Data Deletion

To delete all data stored by the App:

• Open Settings in the App and tap "Unpair" — this clears all local data including keys, device ID, and session cache.
• Alternatively, uninstall the App to remove all stored data.

Since the relay server is stateless, there is no server-side data to delete.

Children's Privacy

Ferlay is not directed at children under 13. We do not knowingly collect any data from children.

Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. The source code for this page is available on GitHub.

Contact

If you have questions about this privacy policy, you can open an issue on the Ferlay GitHub repository.