Privacy Policy
Last updated: 2026-05-16
Core Promise
The Dimkey desktop application never uploads file content, detection results, or scan data. All document processing — detection, redaction, restoration — happens entirely on your machine. The license service exists solely to bind your purchase to a limited number of devices.
What the License Service Collects
Only when you activate, deactivate, heartbeat, or recover a license, the desktop client sends:
- Email address and license key
- Device fingerprint — a SHA-256 hash derived from machine UUID, physical MAC, CPU model, and OS install ID. The hash is irreversible; we never store or transmit the raw hardware identifiers.
- Device hostname, operating system, application version, and language variant (zh / en)
- IP address and User-Agent (automatically attached by your network)
How We Use Your Data
Solely to enforce the per-license device limit, detect abuse (such as rapid duplicate activations from rotating fingerprints), and support customer-service requests like "I lost my key — please resend it". We do not use this data for behavioral tracking, advertising, or profile building, and we do not sell it to third parties.
Data Retention
- Device records — kept while active, then retained up to 90 days after deactivation for fraud-pattern review, then purged.
- Audit logs (activate / deactivate / recover / webhook events, with IP and User-Agent) — retained for 1 year.
- Email delivery logs — managed by Resend per their retention (typically 30–90 days).
Where Your Data Is Stored
License records are stored in an SQLite database on a server hosted by Fly.io (region selectable; default nrt, Tokyo). Backups are encrypted at rest. Email templates are rendered server-side and dispatched via Resend.
Third-Party Services
- Payment — Lemon Squeezy (international card / PayPal). They store your billing details; we only receive your email, order reference, and the webhook event.
- Payment (China) — WeChat Pay, handled manually by our support team.
- Email delivery — Resend.
- Hosting — Fly.io.
Your Choices
You can deactivate any device at any time from the device management page; the slot is freed immediately. To delete your account entirely, email us and we will purge the license, devices, and audit entries that reference you.
Contact
Questions, requests, or complaints: support@dimkey.com