Privacy policy
SealedBrief is a local-first product. The desktop application processes your documents on your machine and sends nothing to us. The website you are reading collects only what is required to sell, deliver, and support a software license. This policy enumerates exactly what is collected and where it lives.
1. What we collect on this website
When you buy a SealedBrief license, the checkout is handled by
Stripe. Stripe holds your card
data; we never see it. Stripe sends us a webhook containing the customer email address, the
price ID, and a Stripe customer ID. We persist the resulting license record — a binding of license_id to email address — in a private database operated solely for license issuance and revocation.
We do not run analytics, advertising, or behavioural tracking on this website. There is no Google Analytics, no Meta Pixel, no third-party ads, and no first-party cookies set by us.
2. What the desktop app collects
Nothing. The desktop application has no network egress from the compute plane (the part that
touches your documents) by design, verified by automated tests that ship with the product.
The presentation plane connects to our license server only to validate your license_id on launch and to fetch the revocation list. Neither connection sends document contents, queries,
or any derived data.
After V1.0 launch, the desktop application may offer an opt-in crash-report channel. If you opt in, anonymised stack traces are sent to a self-hosted error aggregator. The opt-in is off by default and toggleable in app settings; the data sent never contains document text, file paths, or query content.
3. What we share
We share data with three categories of subprocessor:
- Stripe — payment processing. Stripe handles your payment data under their own privacy policy.
- Amazon SES — transactional email delivery (license email after purchase, refund confirmation). SES sees your email address and the message body. It does not see anything about your documents.
- Cloudflare — hosts this website and its CDN edge cache. Cloudflare may log standard request metadata (timestamp, IP address, user agent) per its operational policy. This is server-log scope only; we do not query, store, or join Cloudflare logs against license data.
We do not share data with anyone else. We do not sell, trade, or rent any data we hold.
4. How long we keep data
We keep your license_id ↔ email binding for as long as your license is active. If
you ask us to delete your account, we delete the binding within 30 days. Stripe retains its own
copy of the transaction record per its policy, which we cannot influence.
Transactional email logs at Amazon SES are retained per their retention policy (default 14 days). We do not extend those retention windows.
5. Your rights and contact
You can request access to, correction of, or deletion of the data we hold about you by writing to privacy@sealedbrief.com. We respond within 30 days. If you are an EU or UK resident, the legal basis we rely on for processing is the contract you entered into when buying the license.
This policy is a v1 stub written by the engineering team ahead of V1.0 launch. A formal legal review is queued for the post-launch backlog. If our practices change, we will publish an updated policy at this URL with a new "last updated" date.