Privacy Policy

MAC-MAC (the “Service”) is a native macOS macro recorder operated together with a small web dashboard at macmac.sentroy.com. We respect your privacy and aim to collect only the data we genuinely need to deliver the service you signed up for.

By using the Service you agree to the practices described in this Policy. If you do not agree, please stop using MAC-MAC.

Account information

When you create an account we collect your email address, display name and (if provided) a profile picture URL. Authentication is delegated to Firebase Authentication; we never see or store your password.

License information

If you purchase a Lifetime license, we record the plan tier, the activation date and the Polar order identifier. We do NOT store your payment card, billing address or any other payment details — Polar (the Merchant of Record) handles all of that on its own infrastructure.

Macros

Macros that you record locally on your Mac stay on your Mac by default. They are saved to ~/Library/Application Support/MacMac/macros.json — entirely outside our reach.

If you are a Lifetime subscriber and you sign in to MAC-MAC Cloud, you can opt in to cloud backup. When enabled, the following per-macro data is uploaded:

• macro name and (optional) description;
• the action list (key codes, mouse coordinates, scroll deltas, timing data);
• duration and action count;
• a SHA-256 checksum of the encoded JSON for integrity verification.

Cloud backup is OFF by default and can be disabled at any time from Settings → Account in the macOS app.

Device information

When you sign the macOS app in to MAC-MAC Cloud, we receive the device's local hostname so it can be displayed back to you (e.g. “Signed in on MacBook Pro”). We do not receive the MAC address, the serial number, or any other hardware identifier.

Server logs

Like most web services, our hosting provider records standard request metadata (IP address, user agent, timestamp, request path). These logs are kept for short-term operational and security purposes and are rotated regularly.

We use the data we collect to:

• authenticate you and keep your session secure;
• fulfill Lifetime purchases and apply your entitlement;
• store and serve cloud backups when you opt in;
• operate, maintain and improve the macOS app and the dashboard;
• respond to support requests;
• comply with legal obligations and prevent abuse.

We do NOT sell your data, share it with advertisers, build advertising profiles, or analyse the contents of your macros.

MAC-MAC relies on the following sub-processors. Each operates under its own terms and privacy policy.

Firebase Authentication (Google LLC)

Provides email/password and Google sign-in. Firebase verifies your identity, returns a signed ID token, and refreshes that token on our behalf. Firebase processes your email and (optionally) your Google profile.

MongoDB Atlas

Hosts the operational database in which we store user records, license records, API tokens (sha256-hashed) and backups. Encryption in transit (TLS) and at rest is enabled by default on Atlas clusters.

Polar.sh

Acts as the Merchant of Record for Lifetime purchases. Polar handles checkout, payment processing, taxes, invoicing and refund flows. We never see your card details. After a successful payment, Polar sends us a webhook containing the order identifier and customer identifier so that we can activate your license.

Apple Inc.

When we ship a new build, the macOS .app bundle is signed with our Apple Developer ID and submitted to Apple's notarisation service. Apple receives the binary and metadata necessary to perform a security scan. Apple may also receive telemetry from your Mac when you launch a notarised app for the first time, governed by Apple's own privacy policy.

We apply industry-standard security measures to protect your data, including:

• TLS encryption for all communication between the macOS app, the dashboard and our servers;
• API tokens are stored as SHA-256 hashes — never in plaintext;
• Single-active-session enforcement: signing in on a new Mac immediately invalidates the previous device's token;
• MongoDB Atlas encryption at rest and IP-allowlist for database access;
• Code-signed and notarised macOS builds, distributed only via the official channel.

No security system is perfect. If you become aware of a vulnerability, please report it to security@macmac.sentroy.com instead of disclosing it publicly.

We retain account information and license records for as long as your account exists. Cloud backups are kept until you delete them or until your account is deleted, whichever comes first. Routine database backups may retain a copy of deleted data for up to 30 days before being purged.

Depending on where you live, you may have the following rights regarding your personal data:

• access — request a copy of the personal data we hold about you;
• correction — ask us to correct inaccurate information;
• deletion — delete your account and associated data via Settings → Profile → Security, or by emailing support;
• portability — export your macros via the local export function in the macOS app;
• objection — object to certain processing activities;
• complaint — lodge a complaint with your local data-protection authority.

To exercise any of these rights, contact us at support@macmac.sentroy.com.

The dashboard uses minimal cookies — currently only what is strictly necessary for authentication (Firebase session persistence) and theme preference. We do not use third-party advertising cookies, marketing pixels or cross-site tracking.

MAC-MAC is not directed at children under 13 (or 16 in the European Economic Area). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact support so we can delete it.

Our servers and sub-processors operate in multiple regions. By using the Service you understand that your data may be processed in countries outside your country of residence, subject to the safeguards required by applicable law.

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be announced via the dashboard.

Questions about this Privacy Policy or about the data we hold about you? Reach out at support@macmac.sentroy.com.