Privacy Policy
Last updated: 23 April 2026
TL;DR
PrivMark is a desktop app that runs entirely on your machine. We don't collect telemetry, analytics, or crash reports. License activation is fully offline (no network call). The app only contacts the network for optional update checks (which you can disable). Your documents never leave your computer.
Who we are
Wolfberry AB, a Swedish limited company (org.nr 559269-4599, VAT SE559269459901), is the data controller for PrivMark. Support: hello@privmark.app. Billing: payments@wolfberry.se.
What we collect and why
License activation (zero network calls)
Activation happens entirely on your device. The license file you receive by email after purchase contains an Ed25519 digital signature, which PrivMark verifies using a public key embedded in the app. No data is sent to us — activation is local, works fully offline, and leaves no record on any server.
- Legal basis: contract performance (GDPR Article 6(1)(b))
- Recipient: none — verification is local
- Transmitted: nothing
License issuance (on your purchase)
When you buy PrivMark Pro, our licensing service (a Cloudflare Worker operated by Wolfberry AB in the EU region) generates a signed license file from your order details and emails it to you via Resend, Inc. Your personal data stays within this pipeline — we do not share it with third parties beyond the sub-processors listed below.
- Legal basis: contract performance (GDPR Article 6(1)(b))
- Recipients: Cloudflare, Inc. (Worker runtime + D1 database); Resend, Inc. (email delivery)
- Transmitted: your email address, order id, license key, purchase timestamp
- Not transmitted: your name, payment details (those stay with the Merchant of Record), documents, or usage
Update checks (optional, on launch)
If automatic updates are enabled (the default), PrivMark fetches latest.yml from GitHub Releases approximately 3 seconds after launch to see if a newer version is available. GitHub receives your IP address and user-agent as part of this standard HTTP request. You can disable this at any time in Settings → Updates, or permanently by launching the app with --no-auto-updates.
- Legal basis: legitimate interest in providing security updates (GDPR Article 6(1)(f))
- Recipient: GitHub, Inc.
- Transmitted: none from our side; GitHub logs standard request metadata
Purchase (if you buy a license)
Payment is handled by our Merchant of Record, Polar Software AB (Stockholm, Sweden). Polar collects the personal data required to process payment and issue invoices (name, email, billing address, VAT number if applicable). We receive only the information needed to issue and track your license: your email, order id, and amount. For Polar's own privacy practices, see polar.sh/legal/privacy.
What we don't do
- No telemetry, usage analytics, or feature tracking
- No crash reporting (no Sentry, no Bugsnag, no Google Crashpad)
- No advertising identifiers
- No cookies (the app is not a web app; the landing page uses none)
- No document content leaves your device — ever
- No account required to use the app
Data stored on your device
PrivMark stores the following files locally, in your operating system's user data directory:
- settings.json — your preferences
- window-state.json — last window size and position
- license.privmark — your signed Pro license file (if licensed)
- trial.json — trial start date (if in trial)
These files never leave your device. Deleting the app removes them.
Retention
We retain purchase records (email, order id) for as long as required by Swedish bookkeeping law (bokföringslagen, 7 years). License records remain in our database indefinitely so we can reissue licenses if customers lose their copy. Upon request we will delete personal data where legally possible (see "Your rights" below).
Your rights under GDPR
If you live in the European Economic Area, Switzerland, or the United Kingdom, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion (subject to our bookkeeping retention obligations)
- Receive your data in a portable format
- Object to processing based on legitimate interest
- Lodge a complaint with your local supervisory authority (in Sweden: Integritetsskyddsmyndigheten)
To exercise any of these rights, email hello@privmark.app.
Sub-processors and international transfers
We use the following sub-processors to deliver PrivMark:
- Polar Software AB (Stockholm, Sweden) — Merchant of Record for payment processing
- Cloudflare, Inc. (US) — Workers runtime, D1 database (EU region), R2 storage
- Resend, Inc. (US) — transactional email delivery for license files
- GitHub, Inc. (US) — release hosting for app updates
Transfers to US-based providers are governed by Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.
We also retain a policy date trail so you can review what the list looked like at the time of your purchase. Past entries remain in the repository's git history on GitHub.
Changes to this policy
If we make material changes, we'll update the date at the top of this page and — for existing customers — notify you via email to the address associated with your purchase.