This policy explains which data may be processed by the B-Safe website and macOS application and for what purposes.
Through the contact form, we may collect your name, email address, company information and the message you submit.
To create support records and reduce spam or abuse, we may process IP address, browser details, language, category, an optional reference license key and limited session data.
The download counter stores only the date, app version and aggregate download count; it does not record IP addresses or browser details for this metric.
Payment is collected on a page hosted by Shopier. Card numbers and card security details are not sent to the B-Safe server.
To verify orders and deliver licenses, B-Safe may process the Shopier order ID, product ID, buyer name and email, payment status, currency, total amount, webhook event ID and generated license relationship.
When a full refund succeeds, licenses linked to the order may be revoked. Partial refunds are placed under manual review.
Files, folders, passwords, secure notes and vault content are processed on-device during normal vault creation, opening, preview and export workflows.
Vault names, file names, file paths, passwords and vault content are not sent in normal licensing, device-status or usage-data requests.
Usage-data sharing is off by default and starts only when enabled by the user in Settings.
When enabled, B-Safe sends a persistent random installation identifier, event type, app version, build number, macOS version, language preference and license tier. Because the installation identifier persists, this data is pseudonymous rather than fully anonymous.
This flow does not send file/vault names, file paths, vault content, passwords, license keys, device UUIDs, hardware fingerprints, emails or personal content. Disabling the feature removes the local installation identifier and last-send timestamp.
License activation and device checks may process the license key, product identifier, platform, bundle identifier, app/build version, persistent device UUID, one-way hardware fingerprint, device name and license device policy.
A namespaced SHA-256 hardware fingerprint is used instead of raw hardware data. These values enforce device limits, stop blocked devices and reduce license abuse.
B-Safe may check for updates through Sparkle. The update host may process standard connection logs; vault content is not attached to update requests.
In-app update data includes release information such as version, build, minimum macOS version, file length, download address and EdDSA signature.
Contact records are retained for a reasonable period based on the nature of the request and are deleted or anonymized when no longer needed.
Optional usage statistics are retained only for a reasonable period for product stability, version distribution and compatibility analysis.
Records subject to legal obligations may be retained for the period required by applicable law.
Your personal data is not sold or disclosed for commercial purposes unless required by law.
Limited sharing may occur with hosting, email or technical infrastructure providers only to the extent necessary to operate the service.
You may request access, correction, deletion or update of your personal data through the provided contact channels.
Requests are reviewed within a reasonable timeframe under applicable data protection laws.
