§ 01 Who we are
MacroDeck is operated by Damilola Onadeinde. For the purposes of GDPR, we are the data controller for the small amount of data we collect.
Contact for privacy requests: hello@macrodeck.app. A human reads every email.
§ 02 What the app collects
Nothing. We mean that literally:
- No crash reports sent to us automatically
- No usage analytics, no heatmaps, no feature flags
- No telemetry pings, not even on update checks
- No Apple/Google advertising ID access
- No network requests to our servers from the app after activation
When you record a session, every mouse movement and keystroke stays on your disk. We have no way to read it — the binary has no code to transmit it.
You can verify this claim yourself: run any network monitor (Little Snitch, Wireshark, Windows Resource Monitor) while using MacroDeck. The only outbound connections will be from your OS — not from us.
§ 03 What the website collects
Our marketing site macrodeck.app is served from Microsoft Azure (static hosting). We have no analytics script on it — no Google Analytics, no Mixpanel, no Plausible, no Fathom.
Your browser inevitably makes a request to our CDN to load the pages. The CDN provider (Azure) keeps short-term server logs (IP + user-agent + requested path) for security and abuse prevention. Azure's retention and security practices are governed by their own privacy statement.
We don't read those logs. We don't build dashboards from them. We don't export them.
§ 04 What we collect when you buy
When you purchase a license, we collect your email address (to send you the license key) and, for tax/billing purposes, your billing country and — if you're based in the EU or UK and provide one — your VAT number. Card details never touch our servers; they go directly from your browser to Stripe. We use the email to:
- Email you a signed license key (one-time, at purchase)
- Email you occasional critical updates (major version releases, security-relevant patches — we can count on one hand how many of these we'll ever send)
- Respond to you if you write to us first
We do not use your email to market to you, sell it to anyone, add you to a newsletter, or share it with partners. We don't have partners.
§ 05 Who our processors are
To run the business, we use three third parties:
- Stripe, Inc. — handles card payment processing. Stripe receives your full billing details (card, address, billing email, VAT number if provided) and performs fraud and identity checks. See Stripe's privacy policy.
- Resend — sends your license-key email. Resend sees your email address and the license content. See Resend's privacy policy.
- Microsoft Azure + Cloudflare — host the website and DNS. Standard-tier CDN providers with the server logs described above.
We've picked these specifically because they're GDPR-compliant and contractually signed up as data processors under our instruction.
§ 06 Cookies and tracking
Our site sets zero cookies by default. There is no cookie banner because there is nothing to consent to.
If you land on the checkout page, Stripe's embedded checkout may set its own cookies for fraud prevention and payment session continuity. Those cookies are governed by Stripe's privacy policy and expire as soon as your purchase completes.
§ 07 How long we keep your data
- Your email address — kept as long as your license is active (so we can re-send the key if you lose it). Delete on request at any time.
- Your purchase record — kept by Stripe for their regulatory obligations (typically 7 years, for financial record-keeping). We also retain basic purchase metadata (tier, date, amount) for tax and accounting purposes for the legally required period.
- Server logs — short-term (typically 30 days), deleted by Azure/Cloudflare automatically.
- Your recorded sessions — never touched by us. They live on your disk and you delete them.
§ 08 Your rights under GDPR / CCPA
Because we collect so little, most of these are quick:
- Access — we'll tell you exactly what we have (usually just your email + purchase date)
- Rectification — we'll correct it
- Erasure — we'll delete it; any further license re-send will require re-proving purchase through Paddle
- Portability — email us, we'll export in JSON
- Objection — if you object to processing, we stop
- Complaint — you can complain to the ICO (UK) or your local data protection authority at any time, though we hope you'd email us first
Contact: hello@macrodeck.app. We respond within 72 hours, usually much sooner.
§ 09 Children
MacroDeck is not directed at anyone under 16. We do not knowingly collect data from anyone under that age. If you believe a child has provided us with data, email us and we'll delete it.
§ 10 International transfers
Our processors operate globally. Where data flows across borders, we rely on Standard Contractual Clauses (SCCs) with each processor to maintain GDPR-equivalent protections. Stripe operates in the US under the EU-US Data Privacy Framework; Resend operates in the US under the same framework; Azure and Cloudflare operate globally under SCCs.
§ 11 Changes to this policy
If we change how we handle your data in any material way, we'll email you and update the "Last updated" date. We won't change the core promise (nothing phones home from the app) without a new major version, and even then only with prominent notice.