Privacy Policy
Last updated: December 29, 2024
At Ludy, we believe your data belongs to you. Our apps are designed with privacy as a core principle, using on-device processing whenever possible to ensure your personal information stays on your device.
1. Our Privacy Philosophy
We build productivity tools that respect your privacy. Most of our applications process data entirely on your device using local AI models, meaning your notes, recordings, screenshots, and other content never leave your device unless you explicitly choose to share them.
2. Scope
This privacy policy applies to all applications and services published under the Ludy brand, including our macOS and iOS productivity apps, our website (ludy.app), and any related services.
3. Information We Collect
3.1 Information Processed Locally (Never Leaves Your Device)
The following data is processed entirely on your device and is never transmitted to our servers:
- Voice recordings and transcriptions
- Screenshots and screen recordings
- Notes and text content
- AI-generated summaries and refinements
- OCR text extraction results
- Local preferences and settings
3.2 Information Collected When You Use Our Services
We may collect limited information when you:
- Purchase a license: Payment processing is handled by Paddle. We receive your email address and license information to provide support and license validation.
- Use iCloud Sync (optional): If you enable iCloud sync, your data is stored in your personal iCloud account using Apple's CloudKit. This data is encrypted and only accessible by you.
- Contact support: If you email us, we collect your email address and message content to respond to your inquiry.
- Visit our website: Standard web server logs may include IP addresses and browser information for security and analytics purposes.
4. How We Use Your Information
We use the limited information we collect to:
- Provide and maintain our services
- Process purchases and manage licenses
- Respond to customer support inquiries
- Send important product updates (with your consent)
- Improve our products based on aggregate, anonymized usage patterns
5. Data Storage and Security
- Local data: Stored securely on your device using standard macOS/iOS security mechanisms.
- iCloud data: If enabled, stored in your personal iCloud account with Apple's encryption.
- License data: Stored securely by our payment processor, Paddle.
6. Third-Party Services
We use the following third-party services:
- Paddle: Payment processing and license management. View their privacy policy.
- Apple iCloud/CloudKit: Optional data sync across your devices. View Apple's privacy policy.
- Cloudflare: Website hosting and security. View their privacy policy.
7. Cookies and Tracking Technologies
7.1 What Are Cookies
Cookies are small text files stored on your device when you visit a website. They help websites function properly, remember your preferences, and understand how you use the site.
7.2 Cookies We Use
We use minimal cookies on our website:
- Essential Cookies: Required for basic site functionality and security. These include Cloudflare security cookies that protect against threats.
- Preference Cookies: Store your cookie consent preferences (stored in localStorage, not as a cookie).
7.3 Cookies We Do NOT Use
- Advertising or marketing cookies
- Cross-site tracking cookies
- Social media tracking pixels
- Third-party analytics that share data with advertisers
7.4 Managing Cookies
You can manage your cookie preferences at any time through our Privacy Preferences page. You can also control cookies through your browser settings. Note that disabling essential cookies may affect site functionality.
7.5 Global Privacy Control (GPC)
We honor the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we automatically treat this as a request to opt out of any sale or sharing of personal information (though we do not sell personal information regardless).
8. Data Retention
- Local data: Remains on your device until you delete it.
- License data: Retained as long as your license is active, plus any period required by law.
- Support communications: Retained for up to 3 years to provide ongoing support.
9. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Object to or restrict processing of your data
- Data portability where applicable
To exercise these rights, contact us at [email protected].
10. For European Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR).
9.1 Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance: To fulfill our obligations when you purchase a license or use our services.
- Legitimate Interests: To improve our products, prevent fraud, and ensure security, where these interests are not overridden by your rights.
- Consent: For marketing communications and optional features. You may withdraw consent at any time.
- Legal Obligation: To comply with applicable laws and regulations.
9.2 Your GDPR Rights
Under GDPR, you have the right to:
- Access: Request a copy of your personal data.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request restriction of processing in certain circumstances.
- Portability: Receive your data in a structured, machine-readable format.
- Object: Object to processing based on legitimate interests or for direct marketing.
- Withdraw Consent: Withdraw consent at any time where processing is based on consent.
- Lodge a Complaint: File a complaint with your local data protection authority.
9.3 International Data Transfers
Your data may be transferred to and processed in countries outside the EEA. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or we rely on the recipient's participation in recognized data protection frameworks.
9.4 Data Protection Contact
For GDPR-related inquiries, contact us at [email protected]. We will respond to your request within 30 days.
11. For California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.
10.1 Categories of Personal Information
In the past 12 months, we may have collected the following categories of personal information:
- Identifiers: Email address (when you purchase a license or contact support).
- Commercial Information: Purchase history and license information.
- Internet Activity: IP address and browser information from website visits.
Important: Content you create in our apps (recordings, notes, screenshots) is processed locally on your device and is not collected by us.
10.2 How We Use Your Information
We use personal information for the business purposes described in Section 4 of this policy, including:
- Processing transactions and fulfilling orders
- Providing customer support
- Improving our products and services
- Ensuring security and preventing fraud
10.3 Sale and Sharing of Personal Information
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months.
10.4 Your CCPA/CPRA Rights
As a California resident, you have the right to:
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of your personal information, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out: Opt out of the sale or sharing of your personal information (we do not sell or share your data).
- Right to Limit Use: Limit the use and disclosure of sensitive personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
10.5 How to Exercise Your Rights
To exercise your CCPA/CPRA rights, you may:
- Email us at [email protected]
- Include "CCPA Request" in your subject line
We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf. We will respond to verifiable requests within 45 days.
10.6 California "Shine the Light"
California Civil Code Section 1798.83 permits California residents to request information regarding disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
12. Children's Privacy
Our services are not directed to children under 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete such information.
13. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you via email or in-app notification.
14. Contact Us
If you have questions about this privacy policy or our privacy practices, please contact us at:
Email: [email protected]
Website: https://ludy.app