TrueEdge ← Back to site

PRIVACY POLICY — TrueEdge

DRAFT — not legal advice; have a licensed attorney review before public launch.

Placeholders — fill these in before publishing

PlaceholderDescription
[BUSINESS_LEGAL_NAME]Full legal entity name (e.g., TrueEdge Software LLC)
[DBA_NAME]Brand/trade name (TrueEdge, unless changed)
[PRIVACY_EMAIL]Privacy/data-subject contact email (e.g., privacy@trueedge.cc)
[WEBSITE_URL]Root website URL (e.g., https://trueedge.cc)
[EFFECTIVE_DATE]Document effective date (e.g., 2026-08-01)
[FOUNDER CHOICE — TELEMETRY: Before publishing, choose Option 1 or Option 2 in §2D and delete the other. Do not publish both options. This is a blocking requirement — the policy must match the app's shipped behavior exactly.]
[FOUNDER CHOICE — MARKETING EMAIL: Before publishing, choose Option 1 or Option 2 in §4 and delete the other.]
[LAWYER: (1) If you knowingly sell to EU/UK users, confirm whether GDPR imposes a Data Protection Officer obligation or EU-representative requirement at your revenue/user-count level. (2) Confirm whether your volume in any US state crosses economic nexus thresholds that Gumroad as Merchant of Record does not cover. (3) Confirm the CCPA/CPRA "Do Not Sell/Share" statement in §8 is accurate given your actual data flows. Delete these notes before publishing.]
BLOCKING SHIP CONDITION — do not launch with unresolved items in §2C or §2D. An inaccurate Privacy Policy is itself an FTC Section 5 deceptive-practices violation, independent of any data misuse. Before launch: (1) the engineer must confirm whether the device identifier is stored locally only or transmitted to a licensing server, and rewrite §2C to state the true behavior; (2) QA must capture the actual network traffic on first activation and document exactly what is sent to what endpoint; (3) the founder (and ideally counsel) must approve the corrected paragraph; (4) the telemetry option in §2D must match shipped behavior.

Effective [EFFECTIVE_DATE]

[BUSINESS_LEGAL_NAME] ("[DBA_NAME]," "we") respects your privacy. This policy explains what we collect, why, and your choices. Our core design principle: your market data stays on your machine. We are a local-first desktop tool, not a cloud service.


1. Summary (plain language)


2. Information we process

A. License & purchase information (via Gumroad)

When you buy or verify a license, Gumroad (our payment processor and merchant of record) collects your payment details and email and issues a license key. We do not see or store your full card number. From Gumroad we receive and handle: your email address, license key, product/tier purchased, and subscription status (active, cancelled, refunded, charged back). We use this to grant access, enforce tiers, provide support, and detect fraud and abuse.

B. License validation data

When the app validates your license, it sends to Gumroad's license API (https://api.gumroad.com/v2/licenses/verify) your license key and our product ID, and receives back your subscription/purchase status. This request goes to Gumroad, not to a [DBA_NAME] server. If a [DBA_NAME]-controlled proxy or licensing server is added in the future, this section will be updated before shipping to disclose what is sent, logged, and retained.

C. Device identifier (for anti-piracy license binding)

[ENGINEER: Before publishing, confirm the exact shipped behavior and rewrite this paragraph to match it precisely. State whether the device identifier is (i) stored locally only, or (ii) transmitted to a licensing server (Gumroad's or a [DBA_NAME]-controlled server), what fields are sent, and what is logged. QA must capture actual first-run network traffic and confirm. This paragraph is a blocking ship condition.]

To limit a single license key to [DEVICE_LIMIT] devices, the app may generate a locally derived device identifier (a hashed fingerprint from stable hardware/OS attributes). [PLACEHOLDER — replace with one of the following and delete the other, depending on shipped implementation:]

D. Diagnostics / telemetry

[FOUNDER/ENGINEER: Choose ONE of the two options below and delete the other before publishing. The chosen text must match the app's actual shipped behavior.]

E. Support communications

If you email us, we receive your email address and whatever you include. We use it only to help you.

F. Website

[FOUNDER: Replace this paragraph with your actual website analytics stack before publishing.] Our website may use privacy-respecting, cookieless analytics (e.g., Plausible or Fathom) that do not track individuals across sites, and standard server logs (IP address, user agent) retained briefly for security purposes. We do not run behavioral advertising trackers. If you add any cookies or analytics that set persistent identifiers, add a cookie notice and update this section before doing so.


3. What we do NOT do


4. How we use information

To operate and license the Software; verify subscriptions and enforce tier and Free-Tier limits; prevent fraud, piracy, and abuse; provide support; comply with law; and, if you opted in, improve the Software via anonymous diagnostics.

Marketing email — [FOUNDER: Choose ONE and delete the other before publishing]:


5. Sharing

We share limited data only with: Gumroad (payments, licensing, and email delivery of receipts); [FOUNDER: list any email/support tooling, e.g., HelpScout] (support communications, if applicable); and authorities where legally required. These are service providers, not buyers of your data.


6. Data retention

We retain license and purchase records for as long as your license is active and thereafter as needed for tax, accounting, fraud-prevention, and legal compliance (typically up to 7 years for financial records). Local data (your datasets, results, and device identifier if stored locally) lives on your device and is deleted when you delete it or uninstall the app.


7. Security

We use reasonable technical and organizational measures to protect data we hold. No method is 100% secure. Because your market data never leaves your device, the primary data at rest with third parties is your Gumroad-held purchase record.


8. Your rights

Depending on where you live (e.g., California/CCPA-CPRA, EU/UK GDPR), you may have rights to access, correct, delete, or port your personal data, and to object to certain processing. To exercise them, email [PRIVACY_EMAIL]. We will verify your request via your purchase email. Note most personal data we can act on is your email and license record; your market data is already only on your own machine.

California "Do Not Sell/Share": We do not sell or share personal information as those terms are defined under the CCPA/CPRA.

[LAWYER: Confirm GDPR applicability and EU-representative obligations if you knowingly sell to EU/UK users. A US-only seller can often geofence or add an EU representative; decide deliberately before enabling EU/UK sales. Delete this note before publishing.]


9. Children

The Service is not directed to and may not be used by anyone under 18. We do not knowingly collect data from children.


10. International users

The Service is operated from the United States. If you use it from elsewhere, you consent to processing in the US and by our US-based processors (including Gumroad).


11. Changes

We will post updates here with a new Effective date. For material changes to data-handling practices, we will provide notice in-app or by email, and require your affirmative acceptance before the change applies to you.


Privacy contact: [PRIVACY_EMAIL]