§ 01 The 30-second version
- The app does not phone home, ever, except to verify your license.
- We do not collect telemetry, analytics, or crash reports unless you explicitly opt in.
- We never have access to your files, your remote credentials, or your file contents.
- We do not sell, share, or rent any data we hold. We don’t hold much.
- We comply with GDPR, CCPA, and the principle of being a decent company.
§ 02 What we collect
When you buy a license
Our payment processor (LemonSqueezy) collects: name, billing email, country, VAT/Tax ID where relevant, and payment method details. We receive name, email, country, and the license key — never card numbers.
When you activate the app
The app sends your license key and a randomly generated machine identifier (UUID, not tied to hardware) to our license server. We store that pairing so we can validate up to your seat count.
When you opt in to crash reports
Off by default. If on, the app uploads stack traces and a small bundle of system context (OS version, app version, free memory) when it crashes. No filenames, no file contents, no paths under /Users/. Reports are tied to a random per-install token, not to your license or email.
§ 03 What we do not collect
- Anything you do inside the app — files browsed, paths visited, commands run, time of use.
- The contents of any file you copy, move, edit, or transfer.
- Your remote credentials (SSH keys, SFTP passwords, AWS keys). These live in your macOS Keychain and never leave your machine.
- Your IP address beyond the moment of license check (logs are scrubbed after 30 days).
- Any kind of cookie, beacon, or third-party tracker on this website.
§ 04 How we use what we have
- License key + machine ID — to validate your installation and enforce seat counts.
- Email — to send you receipts, license keys, security advisories, and (one) yearly newsletter you can opt out of in one click.
- Crash reports — to find and fix bugs, full stop.
That’s the entire list. We do not have a marketing automation platform, a data warehouse, or a CRM beyond a flat-file ledger of who bought what.
§ 05 Where it lives
License-server data is stored on encrypted servers in the EU. Database access is limited to the developer. We retain license records as long as your license is active plus the period required by Greek tax law, then delete.
§ 06 Your rights
You can email [email protected] to:
- See the data we hold about you
- Correct it
- Export it (JSON within 30 days)
- Delete it (note: this also revokes any active licenses tied to that account)
- Object to any specific use
Under GDPR you may also lodge a complaint with the Hellenic Data Protection Authority (HDPA). We’d rather you talked to us first.
§ 07 Children
Captain’s Deck is not directed at children under 13. We do not knowingly collect data from them. If you believe a child has provided us data, write to us and we’ll delete it.
§ 08 Changes
If we change this policy in any material way, we’ll email every paid user with a plain-English diff and a 30-day notice. Non-material edits (typo fixes, clarifications) are logged in our changelog.
Questions? [email protected] · or post anonymously on the contact form.