Privacy Policy

Last updated: March 28, 2026

BackupApp ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use the BackupApp desktop application and related services.

1. Information We Collect

License Information: When you purchase BackupApp, we store your email address (encrypted with AES-256) and a hashed version of your license key. This is used solely for license activation and account recovery.

Machine Identifiers: When you activate your license, we generate a one-way hash of your machine's hardware identifiers (hostname, CPU, platform). This hash cannot be reversed to identify your machine. It is used only to enforce the 3-device activation limit.

Payment Information: Payments are processed by Stripe. We do not store your credit card number, billing address, or other payment details. Stripe's privacy policy applies to payment processing.

2. Information We Do NOT Collect

• Your files: We never see, access, transmit, or store any of your files. File transfers happen directly between your computer and your chosen cloud provider (Google Drive, OneDrive, Dropbox, or S3-compatible storage).
• Cloud provider credentials: Your OAuth tokens and S3 access keys are stored locally on your machine in your operating system's secure keychain. They are never sent to our servers.
• Usage analytics: We do not track which files you sync, how often you use the app, or any behavioral data.
• File metadata: File names, sizes, paths, and sync history are stored locally on your machine in a SQLite database. This data never leaves your computer.

3. How We Use Your Information

• Verify your license key when you activate the app
• Enforce the per-license device limit (3 machines)
• Send you your license key via email after purchase
• Send a recovery email if you request license recovery

4. Data Storage and Security

Your encrypted email and hashed license data are stored in a PostgreSQL database hosted on Neon (AWS US East). All data is encrypted at rest and all communications use HTTPS with TLS 1.3.

We apply industry-standard security practices:

• Email addresses are encrypted with AES-256 before storage
• License keys are stored as bcrypt hashes (never in plain text)
• Machine identifiers are stored as SHA-256 hashes (irreversible)
• All API endpoints use HTTPS

5. Third-Party Services

BackupApp uses the following third-party services:

• Stripe — payment processing (stripe.com/privacy)
• Resend — transactional email delivery (resend.com/legal/privacy-policy)
• Neon — database hosting (neon.tech/privacy)

When you connect cloud providers through BackupApp, your use of those services is governed by their respective privacy policies (Google, Microsoft, Dropbox, AWS, etc.).

6. Data Retention

We retain your license data for as long as your license is active. If you request deletion, we will remove your encrypted email and license records within 30 days. Machine activation records are deleted immediately upon deactivation.

7. Your Rights

You have the right to:

• Request a copy of the data we hold about you
• Request deletion of your data
• Deactivate machines from your license at any time through the app

To exercise these rights, contact us at privacy@backupapp.app.

8. Children's Privacy

BackupApp is not intended for use by children under 13. We do not knowingly collect information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of BackupApp after changes constitutes acceptance of the revised policy.

10. Contact

For privacy-related questions or requests, contact us at privacy@backupapp.app.