Privacy Policy

Overview

Your privacy is extremely important to us. We believe that the less we know about you, the better. That is why we aim to limit the information we collect to the minimum necessary. The purpose of this document is to inform you about what information we collect from you when you use our app and website, how we use this information, and the choices you have regarding our use of, and your ability to review and correct the information.

For purposes of this Privacy Policy, the terms "Caret", "we," "us" and "our" refer to the company Caret.io Ltd, incorporated in Bulgaria with number 203812343 and its registered office is 111B Tsarigradsko shose, Incubator building, 1st floor, Sofia 1784, Bulgaria. The terms "app", "service" and "product" refer to the Caret software and related services. The term "website" refers to the website at caret.io and "you" refers to you, as a user of the app and the website as applicable.

Website Purchases

We use Paddle.com as a payment processing service, which allows Users to make online payments. When you make a purchase on caret.io, you provide your data directly to Paddle, and your transaction is subject to Paddle’s Privacy Policy.

On a successful purchase, we generate a license key and store it next to your name, email address and the time of the purchase on our server.

We retain license records indefinitely to facilitate license activations and support interactions. To request removal of your license record, contact [email protected].

Support Interactions

When handling support requests from you, we collect:

• your email address (or Twitter handle, if you contact us via Twitter)
• any information you provide voluntarily

This information is collected solely to help resolve your support inquiry. We retain support emails indefinitely in order to:

• have context from previous interactions which may help us answer your future questions more quickly
• identify broad trends in support requests, which may help us identify and solve problems with our products

If you would like to remove support emails you have sent, contact [email protected].

Usage Data

By default, the app collects information like app version, OS version, time spent in the app and user preferences. This data is anonymized before it is sent to us, and cannot be used to personally identify you.

We look only for broad patterns in the aggregated usage data, such as whether or not a particular feature is frequently used, or whether users in general, prefer one setting over another. This helps us make informed decisions about the future development of our app.

To be clear, we do not track individual user behavior in our app. We do not receive information from your device's displays, cameras, or microphones.

We retain usage data for 14 months.

Crash Logs

By default, if the app crashes while you're using it, anonymized data about the crash will be collected to help us identify the cause of the crash and hopefully fix it in a future update. These "crash logs" contain information such as the state of the app, operating system, and device at the time of the crash, but not your private data.

We retain crash logs for 30 days.

Update Checking

By default, the app periodically checks to see if a newer version is available so that you can be given the choice to update if you wish. It sends update requests that contain app version and OS version. We use this information to guide you to the correct update version.

Similarly, the app may also check with our server when opened to see if there is news about the app to show you. We call this the "soapbox". We might use the soapbox infrequently to, for example, alert you to a significant app update or advise you on how to work around a serious bug. Soapbox requests send only similar metadata to an update check, and no private data is sent.

We retain metadata from update checking and soapbox requests for 6 months.

Activation

Activation is the process by which the app verifies that you are a legitimately licensed owner of the app.

An activation request is performed when you enter a license key to activate the app and may be repeated from time to time by already activated products.

The activation process consists of a single request sent to our server, containing the license key that you entered into the app. The server verifies whether the license key is valid, and replies with a confirmation if so. Otherwise, an error message is sent back for the app to display to you.

We retain activation information indefinitely. To request removal of your activation information, contact [email protected].

Email List

We provide a newsletter for which you can subscribe with your email address at our website. If you subscribe, the email address you provide will be added to our email list. Our email list is low volume (only a few messages per year is typical) and is limited to product and feature announcements.

We do not sell or otherwise disclose any portion of our email list to third-parties, with the exception of the vendor that provides our mailing list services as necessary to distribute the emails.

If you join our email list, we retain your email address until you ask to be removed. Instructions on how to unsubscribe are contained in all messages sent to the email list.

Logging

When you interact with our servers using a web browser, or indirectly by network requests sent on your behalf by our app, some metadata about the request is logged. This metadata may include:

• your IP address (may reveal your approximate geographic location)
• the name of the resource requested
• the name and version number of the software making the request (may reveal information about your web browser, operating system, and their configuration)
• whether or not the request was successful
• current date and time

We generally don't look at these logs unless a server is malfunctioning or appears to be getting used in a malicious way. We may look at the information in aggregate to see broad statistics such as how many times our app have been downloaded, or from which source an unusually high amount of network traffic is arriving.

We retain web server logs for 3 months.

Third-Party Vendor Services Used

• Payment processing is managed by Paddle.
• Email list services are provided by MailChimp.
• Web analytics services are provided by Google Analytics.
• Communication tools we use internally include Spark, GitHub and Telegram. Customer information may pass through these services as customer support processes occur.

Data Not Collected

Except as described above, and as required to perform the app's core functionality at the user's request, the app does not send out any private information.

This includes:

• Information from device sensors
• Your keyboard input
• Screen contents
• Network traffic
• Hostnames
• Usernames
• Passwords
• SSH / Encryption keys
• Contents of files you are working with

Rights of EU Citizens Under GDPR

Citizens of the EU may exercise their rights under the General Data Protection Regulation, such as the rights of access and erasure, by contacting us with their request. We recommend emailing the request to contact us.

Questions and Feedback

Our privacy policies might change or be edited for clarity over time. Up-to-date information will always be available from this page.

Please contact us if you have any questions about our data collection or privacy policies. We'll be more than happy to discuss them with you.

Last updated: June 1, 2018