Policy

Privacy Policy

Last updated May 16, 2026.

Refractions is a desktop application that runs on your Mac. The presentation files you edit (.pptx, .docx, .xlsx, .pzfx) never leave your computer. The data we do process is described below.

1. Who we are

This site and the Refractions application (collectively, “Refractions”, “we”, “us”) are operated by Devmo Solutions, 181 Miles Standish Dr, Marlborough, MA 01752, United States. Contact us at [email protected].

2. Data we collect

2.1 Information you give us when you buy

  • Your email address and (optionally) billing name and tax ID, collected by Stripe on our behalf during checkout and shared with us so we can deliver your license key and issue an invoice.
  • A Stripe customer ID and checkout session ID, which let us look up your purchase if you contact support.
  • We do not receive or store your full payment card details. Stripe handles all card data; we only receive the customer and session identifiers above.

2.2 Information the application sends

When the desktop application validates your license — on first activation and once every 24 hours thereafter — it sends two fields to our license server:

  • Your license key.
  • A machine identifier: the SHA‑256 hash of your Mac’s hostname and primary MAC address. This is a one‑way hash, used only to count how many machines have activated a single license; it is not reversible and is not personally identifying.

We log the IP address and timestamp of each license check for fraud and abuse detection. We do not send the contents of, or any metadata about, the files you edit.

2.3 Information our website collects

The website uses one session cookie issued by Django for cross‑site request forgery protection. We do not currently run analytics, tracking pixels, or advertising scripts, so there is no cookie consent banner.

Our hosting provider records standard web server access logs (IP, user agent, URL, timestamp) for up to 30 days for security purposes.

2.4 Error reporting

If you opt in to crash reporting in the application, Refractions sends anonymized error stack traces to Sentry. We strip file paths, user names, and license keys before sending. You can disable this from the application preferences.

3. How we use your data

  • To deliver the product you bought (issuing a license key, validating it on activation). Lawful basis: performance of a contract.
  • To support you (looking up your purchase when you contact us). Lawful basis: legitimate interest.
  • To detect fraud and abuse (limiting how many machines activate a single license). Lawful basis: legitimate interest.
  • To meet legal obligations such as tax reporting and consumer‑protection record keeping. Lawful basis: legal obligation.

We do not sell your data, share it with advertisers, or use it to train machine‑learning models.

4. Sub‑processors

We rely on the following third parties to operate Refractions. Each has its own privacy policy and data‑processing agreement (DPA), which we have signed where required.

  • Stripe, Inc. — payment processing, tax calculation, invoicing.
  • Amazon Web Services (SES) — transactional email (license delivery, activation notice).
  • Functional Software Inc. (Sentry) — error reporting, only when opted in.
  • Our hosting provider, used for the website and license server (DigitalOcean / Hetzner / equivalent).

5. International transfers

Our servers are located in the United States and the European Union depending on the service. Where personal data is transferred outside your jurisdiction, we rely on the standard contractual clauses published by the European Commission and equivalent UK/Swiss mechanisms.

6. How long we keep your data

  • License records (email, key, activation log): for as long as your license is active and for 7 years after the last activity, to meet tax record‑keeping obligations.
  • Web server access logs: 30 days.
  • Error reports: 90 days.

7. Your rights

You can ask us to:

  • Confirm what personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and personal data (subject to tax record‑keeping obligations we cannot waive).
  • Export your data in a portable format.
  • Object to or restrict certain processing.

Email [email protected] with your request. We aim to respond within 14 days.

For EU / UK residents

You have the rights described in the GDPR (and UK GDPR). You also have the right to lodge a complaint with your local data‑protection authority if you believe we are mishandling your data.

For California residents

You have the right to know what personal information we collect, request deletion, and opt out of any sale of personal information. We do not sell personal information.

8. Security

The website and license server are served over TLS. License keys are stored in our database with restricted access. Access to production systems is limited to the operator and protected by SSH key authentication and multi‑factor authentication where the provider supports it.

9. Changes to this policy

If we make material changes to how we handle your data we will email registered customers and update the “Last updated” date above.