Codekitapp.com uses Google analytics. There are no other analytics tools or advertising tools embedded on any page. Other than what Google analytics records by default, I collect no other information from you as you visit pages on this website.
When you place an order, I collect and store:
I do NOT store or even transmit to my server any credit card information (number, expiration date, CVC, brand name). This information is sent via client-side script from your browser directly to Stripe for processing. I receive from a Stripe a "token" that tells me whether the charge to your card succeeded or failed. I do not receive any card information.
Your order information is stored in a database on a server that physically exists in a secure data center. The server runs CentOS7, is kept up to date, and is accessible only via SSH key. I am the only person in possession of that SSH key. All backups of my SSH keys are encrypted in transit and at rest using AES256. The server uses TLS 1.2 for every page served on the website and will not serve unencrypted requests.
The orders database is backed up daily to my Mac. This backup is sent encrypted via SSH Tunnel and is encrypted at rest on my machine. The Mac where this backup is stored is always on the latest version of macOS running on hardware with Apple's T2 chip with FileVault enabled. The administrator password for this Mac is over 40 characters long and is stored nowhere. TouchID is not enabled for this machine. (This is also the machine where the source code for all my apps resides, so its security is absolutely imperative to me.) Backups of my personal Mac are encrypted in transit and at rest using AES256.
The only time I create a cookie is if you arrive at codekitapp.com by clicking on a link at certain third-party websites that have a referral program with me. This cookie remains valid for two weeks and simply records the person/website that referred you to CodeKit. If you purchase a license within those two weeks, the referrer receives credit for that sale.
CodeKit includes no analytics packages. I do not track my users or their use of my app.
CodeKit "phones home" in very limited circumstances:
When CodeKit contacts my server for license activations I record the timestamp of the activation, the IP address of the computer where the license was used, and the license activated.
When CodeKit contacts my server to download the list of packages available to install, I store no information.
When CodeKit contacts my server to check for updates, certain anonymous usage information is included such as the version of macOS you're running, the version of the app installed, your license email address, etc. This information is not stored. It is required to determine the updates for which you are eligible.
Every call from the CodeKit app to my server at codekitapp.com is encrypted using TLS 1.2. The CodeKit app contains links to other third party websites (such as documentation for various tools) that use HTTPS whenever possible. Some of these tools do not offer HTTPS and in that case those requests are sent via HTTP. None of your personal information (other than IP address, which is required to receive a response) is sent when you click a third-party link in CodeKit.
You may opt-out of checking for CodeKit updates by unchecking the box in Preferences. I strongly recommend against that. I update the app religiously with bug fixes, new features, and revised tooling. Disabling update checks is shooting yourself in the foot.
You may not opt out of license validation while using CodeKit.
If you would like your information permanently deleted, I am happy to do so. However, your license will be terminated and CodeKit will revert to "read-only" mode. It is not possible to use a license without a record in my server's database. If you opt to delete your information, the purchase price of the license and any renewals you have made will not be refunded.
To delete or receive a copy of your information, email me.
Your information is used to validate your CodeKit license, determine update eligibility, and send you transactional emails such as new copies of your license/receipt. Other than that, I do absolutely nothing with it. I have never and will never sell or give my customer list to any third party. No one other than myself has access to it.
Very occasionally, I may send you an email to notify you of major new releases or an upcoming license expiration. You can easily opt out of those emails if you so choose.