Privacy Policy

Last updated: April 12, 2026

This Privacy Policy describes how BoldoSync ("the App"), developed and operated by Boldo ("we", "us", "our"), handles your information. BoldoSync is a macOS desktop application that archives local files to Google Drive.

1. Information We Access

BoldoSync accesses the following information solely to provide its core functionality:

• Google Account Authentication: We use Google OAuth 2.0 to authenticate your Google account. We receive an access token and refresh token to interact with the Google Drive API on your behalf.
• Local File Metadata: The App scans your selected watched folders to collect file names, paths, sizes, and SHA-256 hashes for the purpose of determining which files need to be uploaded, updated, or have been archived.
• Google Drive File Metadata: The App reads file IDs, names, and sizes from your Google Drive to verify successful uploads and manage folder structure.

2. How We Use Your Information

All data accessed by BoldoSync is used exclusively for:

• Authenticating with Google Drive on your behalf
• Scanning local folders to identify files for backup
• Uploading files to your Google Drive account
• Verifying upload integrity through hash comparison
• Removing local copies of verified archived files
• Displaying sync status, history, and statistics within the App

3. Data Storage

BoldoSync stores all data locally on your Mac:

• OAuth Tokens: Stored securely in the macOS Keychain.
• File Manifest Database: A local SQLite database tracks file status, hashes, and sync history. This database is stored within the App's sandboxed container.
• No Cloud Storage: We do not operate any servers. No data is sent to Boldo or any third party. The only external service the App communicates with is the Google Drive API.

4. Data Sharing

We do not share, sell, rent, or transfer your personal data to any third parties. BoldoSync communicates exclusively with:

• Google OAuth servers (for authentication)
• Google Drive API (for file operations)

5. Google API Disclosure

BoldoSync's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6. Data Retention

The local database retains file manifest records and backup history for as long as the App is installed. You can clear sync history and file records at any time through the App's dashboard. Uninstalling BoldoSync removes all locally stored data.

7. Security

BoldoSync is built with security in mind:

• Runs within the macOS App Sandbox
• Uses macOS Keychain for secure token storage
• Authenticates via OAuth 2.0 with PKCE (no client secrets stored in the app)
• Verifies file integrity using SHA-256 hashing
• Uses HTTPS for all API communication

8. Your Rights

You have full control over your data:

• You can revoke Google Drive access at any time via your Google Account permissions
• You can delete all local data by uninstalling the App
• You can clear sync history and file records from the App's dashboard

9. Children's Privacy

BoldoSync is not directed at children under 13. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated "Last updated" date.

11. Contact

If you have questions about this Privacy Policy, contact us at:

contato@boldo.ag

Boldo — boldo.ag