Session uses onion routing to hide your IP address when uploading or downloading attachments from the Oxen File Server. In future, you will also be able to configure the Session app to use a custom file server, such as a self-hosted server or VPS (Virtual Private Server), if you would prefer not to use a file server hosted by the OPTF.
For metadata contained within the files themselves, all attachments stored on the server are encrypted and can only be decrypted by your chat partner(s) — so the Oxen File Server cannot see any metadata about files you send on Session. Currently, EXIF metadata is stripped when sending a file (except videos) sent from Desktop. If you want to make sure your chat partner cannot see metadata about a file, we recommend stripping the metadata before sending them the file — check out our how-to article here.