Privacy

Last updated: 24 May 2026.

SuperDeDuper is open-source software you run locally on your own computer. By default it does not connect to the internet at all. The only data that ever leaves your machine is data you affirmatively opt in to send through the Leaderboard feature, described below in detail.

We publish the exact wire schema for every leaderboard submission at api.superdeduper.io/api/v1/submit/schema.json. If anything on this page conflicts with that schema, the schema wins — file an issue and we'll fix the page.

The desktop app

The Windows app does not collect or transmit telemetry, analytics, or crash reports. Scan results, file paths, and any data about the files on your drive stay on your machine. We have no way to see what you scanned. Background checks for app updates are the only network traffic from a default install.

The leaderboard (opt-in only)

Opt-in is explicit: the first time you submit a scan, the app shows you the exact JSON document it's about to send, every field labeled. You can disable per-field sharing for sensitive items (GPU model, OS build) or opt out entirely. You can change your mind later from Settings → Privacy.

What's transmitted on every submission

What we never transmit

Sign-in identity (optional)

If you sign in with Google or Discord, we receive your provider's stable user ID, your verified email address (Google) or handle (Discord), and basic profile info (display name, profile picture) at the moment you sign in. We store only the stable user ID and a display name you choose; we do not retain your email after the verification step. You can sign out from the app's Settings panel and revoke our app's access at any time via your Google account settings (or Discord's app authorizations panel).

Pre-sign-in scans you've already submitted stay attached to your install_id, anonymously. Signing in links that install_id to your account so the achievements you've earned surface on a public profile. Signing in does not retroactively attach a real name to past anonymous submissions to anyone but you.

How we keep individuals from being identified

Deleting your data

Send a deletion request to the contact email below. Include either your install_id (if you can find it in %LOCALAPPDATA%\superdeduper\install.json) or your signed-in account email. We delete:

Deletion is irreversible. We'll confirm by email within 7 days. Once G3 ships, a self-service "Delete my account" button appears in the app's Settings panel; until then it's by email.

Where your data lives

Submissions and account records are stored in AWS DynamoDB in the us-west-2 (Oregon, USA) region. Static frontend assets are served by Cloudflare Pages from edge locations worldwide. Cloudflare's WAF + rate-limit rulesets sit in front of the API origin. Cloudflare and AWS each have their own privacy policies that govern the network and storage layers they operate.

Open dataset (eventually)

We intend to publish periodic anonymized aggregates of the leaderboard dataset — hardware distribution across the sd user base, feature adoption rates, throughput-by-hardware-class curves — so independent researchers and security folks can audit how the system behaves and what trends are emerging. These aggregates have K-anonymity and differential-privacy noise applied to small buckets so individual users can't be recovered from them. Publication starts after the dataset has enough volume to be meaningful (target: first quarterly report when we have ≥1000 active installs).

Contact

Questions, deletion requests, or privacy concerns: mickfixesjunk@gmail.com. Security-sensitive reports: prefer signed email; key is on request.

Changes

The "Last updated" date at the top of this page changes whenever we revise the policy. Material changes (anything that expands what we collect, retain, or share) are announced in the app's release notes one release ahead of the change taking effect, giving you time to opt out before the new behavior turns on.