Privacy

Last updated: 23 May 2026.

superdeduper is open-source software you run locally on your own computer. By default it does not connect to the internet at all. The only data that ever leaves your machine is the data you opt in to send through the Leaderboard feature, described below.

The desktop app

The Windows app does not collect or transmit telemetry, analytics, or crash reports. Scan results, file paths, and any data about the files on your drive stay on your machine. We have no way to see what you scanned.

The leaderboard (opt-in)

If you choose to submit a benchmark result to the leaderboard at superdeduper.io, the app sends a single JSON document to our API. It contains:

• Hardware buckets — your CPU class (e.g. "modern x86_64 high-end"), RAM tier (e.g. "33–64 GB"), drive class (e.g. "NVMe PCIe 4"), and the OS version string.
• Workload buckets — number of files (e.g. "100k–1M"), total bytes (e.g. "100–1000 GB"), average file size (e.g. "1–10 MB"). Never the actual numbers, just the bucket.
• Result metrics — wall-clock duration, total bytes hashed, peak memory used, number of duplicate groups found, total bytes reclaimable.
• Run signature — a one-way hash of the file-size distribution. Used to detect whether two users ran against the same canonical test corpus. Cannot be reversed to identify the actual files.
• Your sign-in identity — if you signed in with Google to claim the result, we store your Google user ID and the username you chose. Your email is verified at sign-in but not retained.

What we never collect

• File names, file paths, or directory structure.
• File contents, or any hash that could be reversed to identify a file.
• Your hostname or local user account name.
• Your IP address beyond what's needed to serve the request (not retained in our logs after 14 days).

Sign-in

Sign-in uses Google OAuth. We receive your Google user ID, verified email, and basic profile info (name, picture) only at the moment you sign in. We store only the user ID and the username you chose. Sign out at any time from the app's Settings; you can also revoke our app's access in your Google account settings.

Deleting your data

You can permanently delete all leaderboard submissions tied to your account by signing in at superdeduper.io and using the "Delete my account" option, or by sending a request to the email below. Deletion is irreversible and removes both your account and every submission you've ever made.

Where your data lives

Leaderboard data is stored in AWS DynamoDB in the us-west-2 (Oregon, USA) region. The leaderboard frontend is served by Cloudflare from edge locations worldwide. Cloudflare and AWS each have their own privacy policies, which apply to the network layer they handle.

Contact

Questions, deletion requests, or privacy concerns: kwikksilva@gmail.com.

Changes

This page may be updated as the leaderboard feature evolves. The "Last updated" date at the top will change. Material changes (anything that expands what we collect) will be announced in the app's release notes.