Privacy Policy
This Privacy Policy explains how XPERC, Inc. and XPERC LTD ("XPERC", "we", "us", "our") collect, use, and protect personal data when you use the MacLock application, websites, and related services (the "Service"). Your information is controlled by XPERC LTD and XPERC, Inc., which act as the data controller for the personal data described here.
1. Data We Collect
| Category | Examples | Why |
|---|---|---|
| Account / license | Email address, name, company name (optional) | To issue, deliver, and validate your license and provide support |
| Device data | A one-way salted hash of your Mac's hardware identifier, device name, activation and last-seen timestamps | To bind a license to a device, enforce seat limits, manage trials, and prevent abuse |
| Purchase data | Order amount, quantity, currency, Stripe checkout/session identifiers | To process payments and provide receipts and support |
| Support | Information you send us by email | To respond to your requests |
We do not store your full payment card details โ payments are handled by Stripe (see Processors). We store only a salted hash of your hardware identifier, never the raw identifier. MacLock does not read, transmit, or store the contents of your screen or the apps running behind the lock.
2. How We Use Data
- Provide, activate, and maintain the Service and your license.
- Process purchases, send license keys and receipts, and prevent fraud or licensing abuse (e.g., trial resets, seat sharing).
- Provide customer support and important service notices.
- Protect our legitimate business interests and legal rights, and comply with legal obligations.
3. Legal Bases (GDPR / UK GDPR)
If you are in the European Economic Area or the UK, we process your information only where we have a legal basis:
- Performance of a contract โ to deliver and validate your license and process orders.
- Legitimate interests โ to secure the Service, prevent abuse, and improve reliability, balanced against your rights.
- Legal obligation โ e.g., tax and accounting records.
- Consent โ where required (e.g., optional marketing emails), which you may withdraw at any time without affecting prior processing.
4. Processors and Sharing
We share data with service providers acting on our behalf under appropriate agreements, including Stripe, Inc. for payment processing (Stripe collects and processes your payment information under its own privacy policy), and email/hosting providers used to send license emails and operate our servers. We may also share information with XPERC affiliated companies, and in connection with a merger, acquisition, or sale of assets (with notice). We do not sell your personal data. We may disclose data where required by law or to protect our rights, users, or the public.
5. International Transfers
We operate globally and may transfer, process, and store your information outside your country of residence. Where we transfer personal data out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
6. Data Retention
We keep license, device-hash, and order records for as long as your license is active and as needed to provide the Service, resolve disputes, prevent abuse, and meet legal and accounting obligations (financial records typically up to 7 years). When no longer needed, we delete or de-identify your information, or securely isolate it where deletion is not immediately possible (e.g., backups).
7. Your Rights
Depending on where you live, you may have the right to access, correct, delete, restrict, or object to processing of your personal data, to data portability, and to withdraw consent. To exercise these rights, contact info@xperc.com. You may also lodge a complaint with your local data-protection authority. We may need to verify your identity before fulfilling a request.
California (CCPA/CPRA)
California residents have rights to know, access, delete, and correct personal information, and to opt out of "sale" or "sharing." We do not sell or share personal information as defined by the CCPA/CPRA, and we will not discriminate against you for exercising your rights. Submit requests to info@xperc.com.
8. Security
We use industry-standard technical and organizational measures to protect personal data, including encryption in transit (HTTPS), one-way hashing of device identifiers, server-side Ed25519-signed license tokens, and encrypted storage of license credentials on your device (macOS Keychain). No method of transmission or storage is completely secure.
9. Children
The Service is not directed to individuals under 18, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.
10. Changes to This Policy
We may update this Policy from time to time. We will post changes on this page with a new effective date and, if significant, provide more prominent notice. Prior versions are retained for your review.
11. Contact
Your information is controlled by XPERC LTD and XPERC, Inc. For privacy questions or to exercise your rights, contact info@xperc.com. If you are a resident of the European Economic Area, please contact us to reach our EU Representative.