Privacy Policy

Last updated: 2026-04-19

This policy explains what data PathDrop collects, why, and how it is handled.

Short version

What we collect

Heartbeat telemetry. On launch and periodically thereafter, PathDrop sends a small JSON payload to pathdrop.ca/api/heartbeat containing: your machine ID (a UUID derived from hardware), the app version, the OS platform, and your work email domain (derived from your synced cloud-drive account folder name, e.g. yourcompany.com). This data is used to verify your team's license and to count unique active installs.

Purchase data. When you buy a license, Lemon Squeezy processes the transaction and shares with us your email address, the product purchased, the order ID, and the billing country. This is stored to issue and manage your license.

Server logs. Our hosting provider (Vercel) records standard HTTP request metadata (IP address, user agent, path, timestamp) for security and debugging. These logs are retained for up to 30 days.

What we don't collect

Data sharing

We do not sell or rent your data. We share data only with service providers who help us run the Service: Lemon Squeezy (payments), Vercel (hosting), and Supabase (license database). Each is contractually required to protect the data.

Your rights

You may request a copy of the data we hold about your domain or deletion of your license record by emailing contact@pathdrop.ca. Uninstalling PathDrop stops further telemetry immediately.

Security

All requests to our servers use HTTPS. License data is stored in Supabase with access restricted to the service role key used by our API. Webhooks from Lemon Squeezy are verified with HMAC-SHA256 signatures.

Changes

We will update this policy if the way we handle data changes. The "Last updated" date above will reflect the most recent change.

Contact

contact@pathdrop.ca

← Home · Terms