Privacy Policy

Effective Date: August 3, 2025

1. Introduction

Welcome to SupaSidebar! Your privacy is important to us, and this Privacy Policy explains how we collect, use, and protect your information when you use our macOS application and website.

2. Information We Collect

SupaSidebar is designed with privacy in mind. We collect minimal information to provide and improve our services:

  • Email Address: When you purchase a license or contact support, we collect your email address for license management, authentication, and communication purposes.
  • License Information: We store license keys, activation status, and device associations to manage your SupaSidebar license and prevent unauthorized use.
  • Website Cookies: Our website uses cookies to maintain your session and remember preferences for the licensing and download system.

3. How We Use Your Information

We use your information for the following purposes:

  • License Management: To validate licenses, manage device activations, and ensure compliance with licensing terms.
  • Product Improvement: To analyze usage patterns, understand user behavior, and improve SupaSidebar's features and performance.
  • Customer Support: To provide technical support and respond to your inquiries about SupaSidebar.
  • Optional Communications: To send you important updates about SupaSidebar, new features, or significant changes to our service (you can opt out at any time).
  • Authentication: To verify your identity for license downloads and management through Firebase Auth.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contractual Necessity: To provide our services, manage your account, and fulfill our obligations under our terms of service.
  • Legitimate Interests: To improve our products, analyze usage patterns, and enhance user experience.
  • Consent: Where required by law, such as for certain marketing communications.

5. Data Sharing and Third Parties

We use only essential third-party services to provide SupaSidebar:

  • PostHog: For privacy-focused analytics and user behavior analysis. When you purchase a license or log in, we identify your session by email address to track your journey from first visit to purchase, understand which marketing campaigns are effective, and improve our product. PostHog tracks page views, button clicks, and user interactions. We also capture UTM parameters (marketing attribution data) and referrer information to understand how users discover SupaSidebar. For EU users, PostHog tracking only begins after you accept cookies via our consent banner.
  • Firebase Auth: For secure authentication and license management. Google processes authentication data according to their privacy policy and industry security standards.
  • Vercel (Hosting Provider): Our website is hosted on Vercel. For GDPR compliance, we use Vercel's geo-location headers to detect if you're visiting from the EU, which requires processing your IP address. This determination is made server-side and your IP address is not stored or logged.

We do not sell, rent, or share your personal information with third parties for advertising or marketing purposes. We do not use tracking or advertising networks.

6. Cookies and GDPR Compliance

We use cookies to provide and improve our services. Here's how we handle cookies and ensure GDPR compliance:

  • Essential Cookies: Required for core functionality like license authentication and session management. These cannot be disabled as they are necessary for the service to work.
  • Analytics Cookies: PostHog uses cookies to track your anonymous session before purchase and identify you by email after purchase. These cookies enable us to understand user behavior, measure marketing effectiveness, and improve our product.
  • Cookie Consent for EU Users: If you're visiting from the EU, EEA, UK, or Switzerland, you'll see a cookie consent banner when you first visit our website. PostHog analytics will not run until you accept cookies. You can reject analytics cookies and still use the website, though some features may be limited.
  • Non-EU Users: If you're visiting from outside the EU, analytics cookies are enabled by default to help us improve our service and understand our users. You can still opt out by contacting us or clearing your browser cookies.
  • Managing Your Cookie Preferences: You can change your cookie preferences by clearing your browser cookies and refreshing the page, which will show the consent banner again for EU users. You can also opt out of PostHog tracking by enabling "Do Not Track" in your browser settings.

What Data Do We Collect With Cookies?

  • Anonymous distinct ID (before purchase)
  • Email address (after purchase or login)
  • Page views and navigation patterns
  • Button clicks and interactions
  • UTM parameters (campaign source, medium, campaign name)
  • Referrer (website you came from)
  • Device type and browser information
  • Session duration and return visits

7. Data Storage and Retention

SupaSidebar prioritizes local storage and minimal cloud data retention:

  • Local App Data: All your SupaSidebar data (saved apps, websites, folders, preferences, and shortcuts) is stored locally on your Mac using Core Data with iCloud sync. We do not have access to this personal data.
  • License Information: License keys and activation status are stored securely for as long as your license is active, plus reasonable time for support purposes.
  • Analytics Data: Usage data collected by PostHog (including page views, events, and user properties linked to your email after purchase) is retained for up to 2 years for analysis, marketing attribution, and product improvement purposes.
  • Email Communications: Email addresses are retained for license management and optional communications until you request deletion or opt out.

8. Your Rights

You have the following rights regarding your personal data:

  • Access: Request access to your personal data and information about how it's processed.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data, subject to legal obligations.
  • Portability: Request a copy of your data in a structured, machine-readable format.
  • Objection: Object to processing of your personal data for legitimate interests.

9. Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the effective date.

11. Contact Us

SupaSidebar is developed and maintained by an independent developer. If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at admin@supasidebar.com.