Privacy Policy

What we collect, what we don't, and what happens when the app talks to the network.

Effective 30 April 2026 · Version 1.0

1. Scope

This Privacy Policy describes how Maciej Raciborski, Switzerland (the "Developer") handles personal data in connection with the Swift Salamander macOS application (the "App") and the marketing website at salamander.codesurfer.ch (the "Site"). It complements the Terms of Use; defined terms used here have the meaning given in the Terms.

2. What we don't collect

The App contains no telemetry, no analytics SDKs, no crash reporters, no advertising identifiers, and no third-party trackers. The App does not phone home with usage data, file names, file contents, file metadata, directory structure, search queries, hardware fingerprints, or installed-application lists.

The Site contains no cookies set by us, no analytics scripts (no Google Analytics, Plausible, Fathom, or equivalent), no advertising pixels, and no social-media trackers. The only outbound link from the homepage that leaves a third-party referrer is when you click through to Polar to purchase Pro.

3. What stays on your device

Everything the App needs to do its job is processed locally on your Mac. This includes:

• Your files and folders, file contents, and file metadata.
• Directory listings, search indexes, thumbnail caches, and the mtime-validated directory cache.
• The crash-recoverable operation journal (records of recent copy / move / delete / rename operations, used for undo and crash-recovery).
• App settings, accent colour, density, theme, sidebar pins, tab state, and other preferences.
• Configured cloud remotes (S3, Drive, Dropbox, SFTP, SMB, WebDAV, etc.) and any credentials they require, stored in your local rclone configuration.
• Your Pro license key, if any.

None of the above is transmitted to the Developer.

4. When the app talks to the network

The App makes outbound network requests in the following situations, and only in these situations:

4.1 Update checks

The App periodically requests an updater manifest from the Developer's hosting provider to determine whether a newer version is available. The request includes the current App version and the standard HTTP headers your operating system attaches automatically (User-Agent and your IP address). The hosting provider may log these briefly for abuse-prevention purposes; the Developer does not associate them with any identity. No license key, file data, or settings are sent.

4.2 License validation

If you have a Pro license, the App contacts a license-validation endpoint operated by the Developer to verify that the key is still valid. The request contains the license key (an opaque token issued by Polar at purchase) and the current App version. It does not contain your name, email, payment details, or any file data. The endpoint returns a yes/no and an expiry date.

4.3 Cloud-storage operations you initiate

When you copy to, move to, browse, or sync a remote you have configured (S3, Google Drive, Dropbox, SFTP, SMB, WebDAV, B2, OneDrive, FTP, etc.), the App connects directly to that remote using the credentials you provided. These transfers are routed through rclone running on your machine. The Developer is not in the path and never sees the data, the credentials, or the destination.

4.4 Waitlist and contact form

If you submit your email to the "Get release updates" or contact form on the Site, the form posts to a small server-side endpoint operated by the Developer. See section 6.

4.5 Purchase

If you click "Buy Pro" on the Site, you are sent to Polar to complete the purchase. See section 5.

5. Payments & Polar

Pro purchases (one-time licence, annual subscription, monthly subscription) are processed by Polar Software Inc. ("Polar"), acting as Merchant of Record. This means:

• Polar — not the Developer — is the legal seller of record for the transaction. Polar handles billing, tax collection, invoicing, chargebacks, and refunds.
• Your payment details (card number, billing address, name on card, etc.) are collected and processed by Polar and Polar's underlying payment processor. The Developer never sees them, never receives them, and cannot retrieve them.
• Polar shares with the Developer only the information needed to issue and manage your licence: your purchase email address, the product purchased, the licence key, the purchase date, the subscription status, and country of residence (for tax compliance).
• Polar's processing of your data is governed by Polar's own privacy policy, available at polar.sh/legal/privacy.

If you request a refund within the 14-day window or cancel a subscription, do so through Polar's customer portal (the link is in the receipt Polar sent you), or contact us and we will forward the request.

6. Waitlist & contact email

If you submit your email address through the "Get release updates" or contact dialogs on the Site, the Developer stores the address (and optional name) in a small private database operated by the Developer for the sole purpose of:

• Sending occasional release notes when major Pro features ship.
• Replying to a question or feedback message you sent.

The Developer does not share, sell, or rent waitlist or contact addresses to anyone. There is no newsletter platform, no email-marketing SaaS, and no mailing-list provider in the chain — just the Developer's own server. You can request deletion at any time by emailing [email protected]; addresses are removed within seven (7) days of the request.

7. Website, cookies & logs

The Site sets no cookies by default. The only persistent state stored in your browser is a single localStorage key (ss-theme) that remembers your light / dark theme preference for the Site. It is not transmitted anywhere.

The hosting provider that serves the Site keeps standard webserver access logs (timestamp, IP address, request path, User-Agent, response status) for short-term abuse-prevention and operational purposes. The Developer does not analyse these logs for usage statistics, does not aggregate them, and does not link them to any identity.

8. Retention

Waitlist / contact email

Kept until you ask us to delete it, or until the project is discontinued.

Server access logs

Up to 30 days, then rotated and deleted.

Update-check & licence-check requests

Not stored beyond the brief access log above.

Polar billing records

Retained by Polar according to Polar's policy and applicable tax law (typically several years for invoicing). The Developer keeps the minimum customer record needed to support your licence.

9. Your rights

If you are in the EU, the UK, Switzerland, or another jurisdiction that grants statutory data-protection rights, you have the right to:

• Ask what personal data the Developer holds about you.
• Ask for it to be corrected if inaccurate.
• Ask for it to be deleted ("right to be forgotten").
• Ask for a copy of it in a portable format.
• Object to a particular use, or withdraw consent at any time.
• Lodge a complaint with your national data-protection authority.

To exercise any of these rights, email [email protected]. For Polar-held billing data, contact Polar directly using the link in your purchase receipt.

10. Children

The App and the Site are not directed at children under 13 (or under 16 in jurisdictions where that is the applicable threshold). The Developer does not knowingly collect personal data from children. If you believe a child has submitted data, contact the Developer and it will be deleted.

11. Changes to this policy

The Developer may revise this Privacy Policy from time to time. The current version is always published at salamander.codesurfer.ch/privacy with an effective date. Where a change is material — for example, if a new category of data starts being collected — the App or Site will surface the change before the new practice takes effect.

12. Contact

For privacy questions, deletion requests, or data-rights enquiries: [email protected].

Postal contact: Maciej Raciborski, Switzerland. (A specific postal address can be provided on request for formal data-protection correspondence.)