1. Information We Collect
We collect the following types of information:
- Account information: Name, email address, and password when you create an account.
- Payment information: Processed securely through Stripe. We do not store credit card numbers on our servers.
- Usage data: License activation status, software version, and feature usage to improve the Service.
- Device information: A hardware fingerprint (CPU, motherboard, BIOS identifiers hashed with SHA-256) used solely for license activation binding.
- Location data: Approximate location derived from IP address, used for license security and analytics.
2. How We Use Your Information
- To provide, maintain, and improve the Service.
- To manage your account and license activations.
- To process payments and send billing notifications.
- To detect and prevent fraud, abuse, and unauthorized license sharing.
- To send important updates about the Service (security alerts, policy changes).
- To provide customer support.
3. Hardware Fingerprinting
To enforce single-device licensing, the JFEM desktop application generates a unique hardware fingerprint by hashing hardware identifiers (CPU, motherboard, BIOS serial numbers) with a salt. This fingerprint is a one-way hash and cannot be used to identify your specific hardware components. It is used exclusively to bind your license to a specific machine.
4. Data Sharing
We do not sell your personal information. We share data only with:
- Stripe: For payment processing (subject to Stripe's privacy policy).
- Supabase: For database hosting and authentication (subject to Supabase's privacy policy).
- Law enforcement: When required by law or to protect our rights.
5. Data Security
We implement industry-standard security measures including encrypted data transmission (TLS/SSL), hashed passwords, JWT-based authentication with RS256 asymmetric encryption, and row-level security policies on our database. License tokens stored locally on your device are encrypted using your operating system's credential store (DPAPI on Windows).
6. Data Retention
- Account data is retained while your account is active.
- Payment records are retained for accounting and legal compliance.
- Audit logs are retained according to the configured retention period (default 90 days).
- Upon account deletion, your profile and license data are permanently removed. Payment records may be retained for legal compliance.
7. Your Rights
You have the right to:
- Access: Request a copy of your personal data.
- Rectification: Update or correct inaccurate data via your account settings.
- Deletion: Delete your account and associated data through the dashboard settings.
- Portability: Request your data in a machine-readable format.
- Objection: Object to processing of your data for specific purposes.
8. Cookies
We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies. Authentication tokens are stored in secure, HTTP-only cookies managed by Supabase Auth.
9. Children's Privacy
The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us for removal.
10. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or a prominent notice on our website. The "Last updated" date at the top reflects the most recent revision.