§ 01The 30-second version
- The app only talks to our servers to verify your license and to check for updates. Nothing else.
- The app collects no telemetry, analytics, or crash reports — none, not even opt-in.
- We never have access to your files, your remote credentials, or your file contents.
- We do not sell, share, or rent any data we hold. We don’t hold much.
- We comply with GDPR, CCPA, and the principle of being a decent company.
§ 02What we collect
When you buy a license
Our payment processor (LemonSqueezy) collects: name, billing email, country, VAT/Tax ID where relevant, and payment method details. We receive name, email, country, and the license key — never card numbers.
When you activate the app
The app sends your license key and a randomly-generated machine identifier (UUID, not tied to hardware) to our license server. We store that pairing so we can validate up to your seat count.
When the app checks for updates
The app periodically asks captains-deck.com for the latest version manifest so it can tell you when an update is available. This is a standard update check — it sends your current app version and is handled by the Sparkle update framework. No personal data, no account info.
When you browse this website
This site (not the app) uses Google Analytics and the Reddit advertising pixel to measure traffic and the performance of our ads. They set cookies and record page visits, your approximate location, browser, and referring source. This applies to the website only — the app itself contains no analytics whatsoever. You can block them with any browser content blocker or by refusing cookies.
§ 03What we do not collect
- Anything you do inside the app — files browsed, paths visited, commands run, time of use.
- The contents of any file you copy, move, edit, or transfer.
- Your remote credentials (SSH keys, SFTP passwords, AWS keys). These live in your macOS Keychain and never leave your machine.
- Your IP address by the app or our license server, beyond the moment of license check (those logs are scrubbed after 30 days). The website’s analytics are covered in § 02 above.
§ 04How we use what we have
- License key + machine ID — to validate your installation and enforce seat counts.
- Email — to send you receipts, license keys, security advisories, and (one) yearly newsletter you can opt out of in one click.
That’s the entire list. We do not have a marketing automation platform, a data warehouse, or a CRM beyond a flat-file ledger of who bought what.
§ 05Where it lives
License-server data is stored on encrypted servers in the EU. Database access is limited to the developer. We retain license records as long as your license is active plus the period required by Greek tax law, then delete.
§ 06Your rights
You can email [email protected] to:
- See the data we hold about you
- Correct it
- Export it (JSON within 30 days)
- Delete it (note: this also revokes any active licenses tied to that account)
- Object to any specific use
Under GDPR you may also lodge a complaint with the Hellenic Data Protection Authority (HDPA). We’d rather you talked to us first.
§ 07Children
Captain’s Deck is not directed at children under 13. We do not knowingly collect data from them. If you believe a child has provided us data, write to us and we’ll delete it.
§ 08Changes
If we change this policy in any material way, we’ll email every paid user with a plain-English diff and a 30-day notice. Non-material edits (typo fixes, clarifications) are logged in our changelog.
Questions? [email protected] · or post anonymously on the contact form.