Privacy Policy

Effective date: 11 May 2026
Websites: deadsimple.xyz, big-blind.xyz, askthecrowd.xyz, hello-hello.xyz, zenplants.rs

This Privacy Policy explains how we handle personal data when you use the Websites and our products. Controller / Contact: see Terms section 13) Contact & Legal Info.

1) What we sell, and what runs where

We sell downloadable Mac apps (currently PowerMic and RemoteCam). The apps run entirely on your Mac and process your audio or video locally. We don't receive your microphone audio, your camera video, or your VST/AU plugin settings. The only contact the apps make with our servers is a license check (a signed token tied to your account) and, if enabled, update checks via Sparkle.

2) Data we process

  • Account and contact data (email, name) from the social or passwordless sign-in you choose.
  • Billing data (charges, currency, tax country, tokenized payment info, invoices and receipts) — handled by Paddle as merchant of record. We do not see or store full card numbers.
  • Entitlement data: which product license your account holds, when it was granted or revoked, and the issued license token. Stored in our own Postgres database, keyed to your Auth0 user identifier.
  • Usage and technical data (IP, device / browser, server logs, crash reports, basic metrics, cookies / identifiers).
  • Support communications and related metadata.

For products that support social login, the provider (Apple, Google, …) may share your basic profile (email, name, avatar) for account setup. We do not receive your third-party password. We do not share data with third-party marketing partners.

3) Purposes & legal bases

  • Selling, delivering, and supporting the products; managing licenses and refunds (Art. 6(1)(b) GDPR — contract).
  • Security, fraud prevention, abuse detection, quality improvement, analytics (Art. 6(1)(f) GDPR — legitimate interests).
  • Marketing communications only with consent (Art. 6(1)(a) GDPR) — you can opt out anytime.
  • Legal compliance (Art. 6(1)(c) GDPR).

4) Sharing & processors

We use reputable processors: Paddle (payments and merchant of record), Auth0 (authentication and sign-in), Heroku (web hosting and Postgres database; entitlements and analytics are stored here), and Cloudflare (CDN and bot protection in front of the website). They process data only under our instructions and with appropriate safeguards. We do not sell personal data. Social login providers (Apple, Google) remain separate controllers for the data they hold.

5) International transfers

Where data is transferred outside your country or the EEA, we rely on appropriate safeguards (e.g. Standard Contractual Clauses) and risk assessments, and require equivalent protections from recipients.

6) Retention

We keep data only as long as necessary for the purposes above: account / billing records per statutory periods (typically up to 10 years for tax-relevant records); logs and analytics for limited periods; entitlement data for the lifetime of the license plus the audit-retention period. We may anonymize / aggregate data for statistics.

7) Cookies & analytics

  • Essential cookies for authentication and security.
  • Aggregated, first-party website analytics that we operate ourselves on our own servers. The data flow is cookieless: a per-tab session identifier lives in sessionStorage and is discarded when the tab closes; no persistent identifier is set, no cross-site tracking occurs, and no third-party scripts are loaded. We do not store IP addresses — the country code provided by Cloudflare is recorded for aggregated reporting; the User-Agent string is bucketed into broad categories (browser, OS, device type) before storage. Because no personal data is retained, a cookie / consent banner is not required for this analytics.
  • We do not use third-party advertising trackers; if this changes, we will update this Policy and provide in-product notices.

You can manage preferences in your browser.

8) Security

We apply reasonable technical and organizational measures appropriate to risk: TLS in transit, hashed/encrypted credentials handled by our identity provider, signed license tokens, and limited employee access. No method of transmission or storage is 100% secure.

9) Children

Not directed to children under 16. Do not submit children's data.

10) Your rights (EU/EEA & where applicable)

Access, rectification, erasure, restriction, portability, objection, and consent withdrawal. You can also lodge a complaint with your local supervisory authority. Contact [email protected] to exercise these rights.