Privacy Policy

Last updated: June 2026

Short version: Crate is a desktop app. It processes your files locally on your machine. We don't see your files, we don't track you, and we collect as little data as possible.

1. What Crate (the app) collects

Crate runs entirely on your computer. Your audio files, session data, and .crate packages never leave your machine through us. There is no tracking, no user profiling, and no cloud connection. The app works fully offline.

The desktop app makes two kinds of network requests:

• Update check — an optional request to our download server (dl.crate.fluxcode.studio) to see if a newer version is available. Contains only the app version string in the User-Agent header — no personal data.
• Anonymous conversion event — when you activate a license key, a single fire-and-forget request sends an anonymous install identifier (a random UUID), the count of packs/unpacks performed before activation, the app version, and the operating system. No filenames, no audio data, no IP-derived location, and no personally identifiable information are included. This data helps us understand how users discover Crate. If the request fails (e.g. offline), it is silently dropped and never retried.

1a. Crash & error reporting (beta)

During the beta, when Crate hits a genuine bug (a fault in our code, not a problem with your computer or files), it sends us a small report so we can fix it. Problems caused by your environment — running out of disk space, a missing or blocked component, a wrong passphrase, a damaged package — are shown to you and never reported.

A bug report contains: an anonymous install identifier (the same random UUID described above), the app version, your operating system, a short error code and message, and a trailing snippet of the app's own log. Before anything is sent, file paths are stripped — every path becomes the placeholder <path> — so no filenames, folder names, audio data, or other personal content leaves your machine. Reports are sent over an encrypted connection to our service on Fly.io and emailed to our team through Resend.

Lawful basis (GDPR): legitimate interest — keeping the app stable and correct during the beta. Retention: reports are deleted after 90 days. Your control: crash reporting is on by default and you are shown a notice on first launch; you can turn it off at any time in Settings → Crash reports. To request deletion of reports tied to your install, email privacy@fluxcode.studio (we locate them by install identifier).

2. What the website collects

This website (crate.fluxcode.studio) is a static site. It does not use cookies for tracking. We may use:

• IP geolocation (ipapi.co) — a single request to determine your country for pricing. No data is stored on our end. See ipapi.co's privacy policy.
• Google Fonts — loaded from Google's CDN. See Google's privacy policy.

3. Newsletter

If you voluntarily subscribe to our newsletter, we collect:

• Your name (optional)
• Your email address
• Your consent (date and record of opt-in)

We use Sendy (self-hosted email software) to manage our mailing list. Your data is stored on our own servers — not on a third-party SaaS platform. We never sell, rent, or share your email with anyone.

Every email includes a one-click unsubscribe link. You can also email us at any time to request deletion of your data.

4. Purchases

License purchases are processed by Polar. Polar receives your email address and payment details (card number, billing address) to process the transaction. We do not store your credit card details. See Polar's terms for their data handling practices.

After purchase, your license key is delivered via email through Resend, a transactional email service. Resend receives only your email address for the purpose of delivering the license key. See Resend's privacy policy.

Our license-delivery webhook runs on Fly.io infrastructure. It processes order events (email, product ID) to mint and deliver your license. No payment card data reaches our servers.

5. Your rights (GDPR / CCPA)

You have the right to:

• Access — request a copy of any data we hold about you
• Rectify — correct inaccurate data
• Delete — request deletion of your data ("right to be forgotten")
• Portability — receive your data in a machine-readable format
• Withdraw consent — unsubscribe from emails at any time
• Object — opt out of any processing

To exercise any of these rights, email privacy@fluxcode.studio.

6. Data retention

Newsletter subscriber data is retained until you unsubscribe or request deletion. Purchase records are retained as required for accounting and tax compliance. Anonymous conversion analytics are retained indefinitely in aggregate form — they contain no personal data and cannot be linked to an individual. Beta crash & error reports are deleted after 90 days.

7. Children

Crate is not directed at children under 16. We do not knowingly collect data from minors.

8. Changes

We may update this policy. Material changes will be noted on this page with an updated date. Continued use of the website after changes constitutes acceptance.

9. Contact

For privacy questions: privacy@fluxcode.studio