INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 GDPR 2016/679
Data Controller: IdeaSolutions srl, represented by the legal representative p.t., registered office via Cimarosa 65, Naples, email: contacts@ideasolutions.it
Contact details of the Data Protection Officer (DPO): the DPO can be contacted at dpo@ideasolutions.it
Purpose and Legal Basis
This notice explains how the “Total Files” App processes users’ personal data.
Distinction between the free version and the ad-free (paid) version
Certain features of the App — including the display of advertising, the use of third-party advertising SDKs, any processing for advertising or profiling purposes, tracking for ad performance measurement, and consent management functionalities (CMP) — apply only to the free version of the App or to versions of the App where the user has not activated a subscription or functionality that removes advertising.
In the paid version of the App, or in versions where the user has an active subscription that disables advertising, these features are not used. In such cases:
- No advertising is displayed;
- Advertising SDKs are not loaded or activated;
- No advertising-related profiling is carried out;
- No tracking requests are sent to third parties for advertising purposes;
- Advertising identifiers (e.g., IDFA/GAID) are not collected or used.
All other sections of this Privacy Policy apply to both versions of the App unless explicitly stated otherwise.
1) Data Processing
The Data Controller processes the User’s personal data (Unique ID) solely for the purpose of ensuring the correct operation of the application (e.g., system diagnostics, statistics, etc.).
Data collection takes place automatically upon installation of the application and is retained only until the app is uninstalled.
The processing is based on the legitimate interest of the Data Controller to maintain service functionality and performance.
Legal basis: legitimate interest of the Data Controller.
1.a) Google User Data
If the user chooses to sign in or connect via Google services (e.g., Google Drive, Google Sign-In), the application accesses Google user data only for the purpose of providing the requested functionality.
- The app does not store Google account credentials, access tokens, or any personal data on external servers.
- The app does not access, view, or modify the content of files stored in Google Drive.
- Any temporary access granted through Google OAuth is used exclusively within the active session and automatically expires according to Google’s security policies.
Google user data is not shared, sold, or transferred to third parties under any circumstances.
The data is processed locally on the user’s device or through secure, encrypted channels when required to connect with Google APIs.
The application implements industry-standard security practices, including:
- Secure OAuth 2.0 authentication provided by Google
- Encrypted HTTPS communications
- Local-only file storage (no remote retention)
These measures are designed to protect Google user data from unauthorized access, disclosure, or alteration.
2) App Features
2.a) Connection to Cloud Drives
The user can connect to storage services (i.e. Google Drive, OneDrive, Dropbox, etc.) via direct login and access their files stored in these drives.
What we DO NOT do:
- We do not store any user access data (i.e., email address, password, login credentials) on servers or systems accessible by the company.
- We do not access the content of files in the drives.
- We do not retain file data on our servers.
2.b) Data Storage in Local Archive
Files downloaded or created by the user are saved only on the device (local memory). The Data Controller cannot view, modify, or access these files in any way. Moreover, we cannot retain or support the user in case of accidental deletion of files from the local memory of the device.
2.c) Activity History
The app records actions such as:
- Connections to cloud drives
- Downloads and uploads performed
The user can delete the history at any time from the appropriate section. In any case, the recording of such actions, as mentioned in the previous point, occurs only on the device, and the Data Controller cannot view, modify, access, or remove these elements.
3) Additional Permissions (Optional)
The app may request additional permissions only if strictly necessary for specific features, for example:
Geolocation: only if enabled by the user (via dedicated pop-up) for optional services.
Notifications: necessary to send alerts related to app activity (e.g., completion of an operation).
Access to device storage: necessary to save/export files to the local archive.
Permissions are requested in real-time via pop-up, with a clear explanation of the purpose.
The user can deny or revoke permissions at any time from the device settings.
4) “Invite a Friend” Feature
The invitation occurs via a link generated by the app, shared by the user through external applications (e.g., email, WhatsApp, iMessage).
The Data Controller does not collect the contacts of invited friends nor access shared content.
5) Advertising
Free version: we show non-personalized advertisements (e.g., generic banners).
It is possible, subject to consent to the relevant cookies, to receive personalized advertising. Reference is made to the cookies policy for this purpose.
Legal basis for non-personalized advertising: Legitimate interest (Art. 6(1)(f) GDPR).
Legal basis for personalized advertising: Explicit consent (Art. 6(1)(a) GDPR).
6) Security and Storage
Encrypted data: All communications with cloud drives take place through secure protocols.
The “Reset” function permanently deletes all local files and history.
7) Non-EU Transfers
In line with the sections of this document, the Data Controller does not transfer any data concerning user activity outside the EU, as the application does not have a server, and all user actions remain within the perimeter of local memory.
For all connections with external cloud spaces, reference is made to the policies of the connected external services, which users have previously accepted as they are already users/customers of the services used within the application.
8) User Rights (Articles 15-16-17 of EU Regulation 679/16)
The data subject has the right to access personal data; to obtain rectification or deletion of data or restriction of processing; to object to processing; to data portability; to withdraw consent without affecting the lawfulness of the processing based on consent given before withdrawal. All of the above applies to the activities and elements within the scope of the application in question, which does not involve any user registration or any data stored on servers about user accounts or personal data.
In the event of a violation of personal data processing, the data subject may lodge a complaint with the Data Controller, the Data Protection Authority, or the competent Judicial Authority.
The rights of the data subject may be exercised at the company’s registered office using the contact details indicated in the Data Controller section of this notice and with the Data Protection Officer using the contact details indicated in the Data Protection Officer section of this notice.