Privacy Policy
Last updated: January 4, 2026
This policy explains how Dark Matter collects, uses, and protects your data. We believe in transparency and keeping things simple.
The short version: We collect what we need to provide the service, we don't sell your data, and we take security seriously.
✦
1. What We Collect
Account Information
When you create an account, we collect:
- Email address: For authentication and communication
- Name: Optional, for personalization
- Organization name: Optional, for team accounts
Payment Information
For paid plans, we use Stripe to process payments. We do not store your full credit card number. Stripe collects and stores:
- Card last four digits (for display purposes)
- Billing address
- Payment history
See Stripe's Privacy Policy for details.
Usage Data
We collect data about how you use Dark Matter:
- API requests: Timestamp, endpoint, response status
- Update deployments: App ID, version, platform, channel, bundle size
- Update deliveries: Device ID (hashed), timestamp, success/failure
- TUI usage: Feature usage patterns (no keystroke logging)
Device Information (from your app's users)
When devices check for updates, we receive:
- Device identifier: A hashed ID for rollout bucketing (not personally identifiable)
- Platform: iOS or Android
- App version: Current bundle and binary version
- Channel: The update channel (e.g., production, beta)
We do NOT collect: location, contacts, photos, or any personal data from your users' devices.
Technical Data
- IP addresses: For security, rate limiting, and analytics (anonymized after 30 days)
- Log data: Server logs for debugging and security
2. How We Use Your Data
We use your data to:
- Provide the service: Deliver updates to your users' devices
- Process payments: Bill you for paid plans
- Communicate: Send account-related emails (receipts, security alerts, service updates)
- Improve the service: Understand usage patterns to make Dark Matter better
- Ensure security: Detect and prevent abuse, fraud, and unauthorized access
- Provide support: Help you when something goes wrong
We do NOT:
- Sell your data to third parties
- Use your data for advertising
- Share your data without your consent (except as required by law)
3. Data Sharing
We share data only with:
- Stripe: Payment processing
- Supabase: Database and infrastructure hosting
- Cloud providers: For storing and delivering your update bundles
- Analytics tools: Aggregated, anonymized usage statistics
All third-party providers are bound by data processing agreements and are required to protect your data.
We may disclose data if required by law, court order, or to protect our rights, safety, or property.
4. Data Storage and Security
Where We Store Data
Your data is stored on servers in the United States. Update bundles are distributed via global CDN for fast delivery worldwide.
How We Protect Data
- Encryption: All data is encrypted in transit (TLS) and at rest
- Access controls: Strict internal access policies
- API keys: Hashed and never stored in plain text
- Monitoring: Continuous security monitoring and alerting
- Backups: Regular encrypted backups with tested recovery procedures
Data Retention
- Account data: Retained while your account is active, deleted within 30 days of account deletion
- Update bundles: Retained while your account is active, deleted within 30 days of removal
- Logs: Retained for 90 days, then deleted or anonymized
- Payment records: Retained as required by law (typically 7 years)
5. Your Rights
Depending on your location, you may have the right to:
- Access: Request a copy of your data
- Correction: Request we correct inaccurate data
- Deletion: Request we delete your data
- Portability: Receive your data in a portable format
- Objection: Object to certain processing of your data
- Restriction: Request we limit how we use your data
To exercise these rights, contact us at privacy@dark-matter.io.
For EU/EEA Users (GDPR)
We process your data based on:
- Contract: To provide the service you signed up for
- Legitimate interests: To improve our service and ensure security
- Consent: For optional communications (you can withdraw anytime)
- Legal obligation: To comply with laws
For California Users (CCPA)
California residents have additional rights:
- Right to know what data we collect and how it's used
- Right to delete your data
- Right to opt-out of sale (we don't sell data)
- Right to non-discrimination for exercising your rights
6. Cookies
We use minimal cookies:
- Authentication: To keep you logged in
- Preferences: To remember your settings
We do NOT use:
- Advertising cookies
- Third-party tracking cookies
- Social media cookies
7. Children's Privacy
Dark Matter is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
8. International Transfers
If you're outside the United States, your data will be transferred to and processed in the US. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where applicable.
9. Changes to This Policy
We may update this policy from time to time. We'll notify you of material changes via email or through the service. Continued use after changes constitutes acceptance.
10. Contact Us
Questions about privacy? We're here to help:
privacy@dark-matter.io
For general inquiries: hello@dark-matter.io
â—‡