At MacPaw, We care about the privacy of Your data and are committed to protecting it.
This Privacy Notice (“Notice” or “Privacy Notice”) will help you understand who we are, how we operate, what personal data we collect, how we use it, on what legal grounds we rely when processing your Personal Data, how we keep your Personal Data secure, as well as your privacy rights and our commitments to comply with them, according to applicable Data Protection Laws.
Our Privacy Notice, which is part of Setapp's Terms of Use, explains the information we at MacPaw Way Ltd get when you use Setapp and our site.
About Us
Setapp is a platform for macOS, iPadOS and/or iOS* devices that operates in two formats: Setapp Membership and Setapp Single App. To learn more, please refer to the Terms of Use of Setapp that constitutes the integral part of this Notice. To understand your role and how this Notice applies to you, refer to section “Applicability” below.
Setapp is a platform you can use on your Mac, iPad, and/or iPhone. It works in two different ways:
- Setapp Membership
- Setapp Single App
If you want to understand more about how Setapp works, you can read our Terms of Use, which is an important part of this notice.
To figure out how this privacy notice applies to you specifically, look at the "Applicability" section below.
*Please note that Setapp’s functionality and apps availability may differ depending on Your region. For example, only users in the EU can download apps directly on iOS devices.
*Please note that Setapp’s functionality and apps availability may differ depending on Your region. For example, only users in the EU can download apps directly on iOS devices.
The data controller of Your Personal Data is:
MacPaw Way Ltd. (hereinafter “We/we”, “Us/us”, “Our/our” or “MacPaw”)
registration number 428214
registered address: 25 Serifou, Allure Center 11, Office No. 11-12, 2nd Floor, 3046 Zakaki, Limassol, Cyprus.
MacPaw Way Ltd is like a guard who takes care of your info when you use the app and the website.
We ensure secure and confidential data transmission through our robust practices, which we are happy to demonstrate to you. Please visit the Trust Center by following this link.
We take great care to make sure your information stays safe when we send it. We have strong security measures in place that we're proud of and happy to show you. Please visit the Trust Center by following this link.
As our Services are constantly evolving, we reserve the right to change this Privacy Notice at any time subject to the applicable regulations. Any changes will be published promptly on this page and communicated to you by email (to your most recently provided email address) or popup notification. You should, nevertheless, check this page regularly for any updates.
Setapp is always improving, so this Privacy Notice might change. If that happens, we will update this page and let you know by email or a popup notification. It’s still a good idea to check this page regularly for any updates.
APPLICABILITY
This Setapp Privacy Notice applies to You as a 1) Setapp Membership end user; 2) Setapp Single App end user (together referred to as “Services”), and 3) our website Setapp.com (Website or Site) visitor. Setapp includes the associated Setapp macOs, iPadOS and/or iOS applications.
You are choosing your role on your own.
This Setapp Privacy Notice applies to you as a Developer if you are a party to the SETAPP DEVELOPER AGREEMENT on the basis of which we process your Personal Data. For the purpose of this Notice, we refer to Developer as “Developer” or “Vendor”.
Please note: when you use the Website, we also collect and use cookies and other tracking technologies; the relevant Cookie Notice can be found by following this link.
This Privacy Notice applies to you if you use Setapp in any way—whether as a Setapp Membership user, a Single App user, or just visiting the Setapp website. Setapp also includes its apps for Mac, iPad, and iPhone. You decide which role applies to you.
If you’re a Developer working with Setapp under a SETAPP DEVELOPER AGREEMENT, this Privacy Notice also covers how we handle your personal data.
When you visit the Setapp website, we use cookies and tracking technologies. You can find details in our Cookie Notice.
This Privacy Notice does not apply to:
- Third-party services. Where third-party services are used, and the third party is not a Data Processor, no Personal Data (as defined below) is shared with them;
- Personal Data that we process about you when you interact as a user with other products/services or our branded social media pages under the brand name “MacPaw”. In such cases, the relevant privacy notice of each product/service you interact with will apply accordingly;
- Anonymized data.
Please note: when you purchase and use a Developer App on the Setapp platform, you should carefully review and understand the privacy Notice or privacy statement provided by the Developer. Setapp is not responsible for the collection, processing, or handling of your personal data by the Developer App. Any data shared with or collected by the Developer App is subject to the Developer’s own privacy practices.
This Privacy Notice does not cover everything. It doesn’t apply to:
- Other companies’ services. If Setapp isn’t sharing your personal data with them, they handle privacy on their own.
- Other MacPaw products or social media pages. Each has its own privacy rules.
- Data that has been completely anonymized.
If you buy or use an app from a Developer on Setapp, read their privacy Notice carefully. Setapp isn’t responsible for how those apps handle your data. The Developer’s own rules apply.
If you are a California resident, please see our “CALIFORNIA ADDENDUM - FOR RESIDENTS OF CALIFORNIA” section below regarding the rights you have under California law and how to exercise them.
If you live in California, please look at our "CALIFORNIA ADDENDUM - FOR RESIDENTS OF CALIFORNIA" section below. This special section explains the extra rights you have under California law and tells you how to use them.
If you are a United Kingdom of Great Britain and Northern Ireland citizen, please see our “UK GDPR” ADDENDUM section below regarding the rights you have under UK GDPR law and how to exercise them.
If you live in the United Kingdom of Great Britain and Northern Ireland, please look at our "UK GDPR ADDENDUM" section below. This special section explains the rights you have under UK GDPR law and tells you how to use them.
DEFINITIONS
Data Processor means a natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of MacPaw.
Data Processor – a person or company that handles personal data for MacPaw
Data Protection Laws means any applicable data protection or privacy laws or regulations as may be amended or superseded from time to time, including but not limited to: i) the EU General Data Protection Regulation (“GDPR”) as implemented by countries within the EEA; ii) the UK General Data Protection Regulation and Data Protection Act 2018, as amended by Brexit legislation (“UK GDPR”); iii) the California Consumer Privacy Act (“CCPA”) and California’s Shine the Light law; and iv) any other applicable Data Protection Legislation and/or other laws or regulations that are similar, equivalent to, successors to, or that are intended to implement the laws or regulations applicable to you in relation to the transmission and processing of your Personal Data under this Privacy Notice
Data Protection Laws - GDPR, UK GDPR, CCPA etc.
Location data means the geographic area where you use your devices when interacting with Our Service(s). This information might be necessary to determine your general geographic location, applicable legislation and provide You with customised, localised and personalised content. We will not track specific geographic location.
Location Data – the general area where you use Setapp. This helps show the right content and apply the correct legal rules. Setapp does not track your exact location.
Log data refers to information that our systems automatically collect and record when you use our Service(s). This data is stored in log files and may include information such as device type, operating system version, application version, session start and end times, browser type and settings (if applicable), language preferences, and user interactions. We also collect diagnostic data, such as crash reports, error logs, and other performance metrics. This information is essential for ensuring the security of our systems, detecting and preventing unauthorized or illegal activities (e.g., fraud), and enforcing our Terms of Use. Additionally, diagnostic and log data helps identify and fix defects in our Service(s), analyze application malfunctions, and resolve issues experienced during use. Log data is mandatory and is frequently the main functionality, which helps to understand and resolve Service(s) issues.
Log Data – your device type, app version, when you start and stop a session, and error reports. This helps keep Setapp secure, fix bugs, and prevent fraud.
Personal Data means any information relating to an identified or identifiable natural person.
Personal Data - your name, e-mail etc.
Special Categories of Data means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and data concerning health or a person’s sex life or sexual orientation. By default, the Special Categories of Data are not processed in any way by the Services or Site. If you believe that we may have unknowingly received your Special Categories of Data, please contact us. We will promptly investigate and, if confirmed, take immediate action to irreversibly delete it.
Special Categories of Data – sensitive personal information like race, political views, religion, health, or sexual orientation. Setapp does not process this kind of data. If you think we have it by mistake, let us know, and we will delete it right away.
Setapp Membership means that You, as an end user, can purchase a subscription to the Setapp platform, which grants You access to a curated catalog of Developer App available on the platform.
When you get a Setapp Membership, it means you’re signing up to use Setapp by paying for it. Once you do, you can use a bunch of cool apps that have been specially picked and added to Setapp.
Setapp Single App means that You, as an end user, can purchase a specific Developer App independently, without subscribing to the Setapp platform.
Setapp Single App means you can buy just one app on its own, without signing up for the whole Setapp service. It’s like picking one toy instead of the whole toy box.
Service(s) Usage and Device Data refers to information collected about how you interact with our Services and use applications. This data includes Device Data, which comprises Device ID, and device and usage data (such as device name and licenses). We collect this data to analyze usage patterns, optimize features, identify technical issues, and enhance the overall user experience. It also helps us understand user behavior and improve the UX and performance of our Services.
We rely on your consent when processing this data for behavioral advertising or measuring the effectiveness of advertising campaigns. For purposes such as fraud prevention, error correction, bug fixing, technical improvements, and service analytics, we process this data based on our legitimate interests.
Service(s) Usage and Device Data - info about how you use our services and apps—like what kind of device you’re using, your device ID, and how the app is working for you. We use this to make things better, fix problems, and understand what users like or don’t like.
If we want to use this info to show you ads that match your interests or to see how well our ads are working, we’ll ask for your okay first. But for things like keeping everything safe, fixing bugs, or making the app run smoother, we use the info because it helps us do our job well.
Standard Contractual Clauses means i) where the EU GDPR applies, the contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, incorporating Module 1 (Controller to Controller transfers) (EU SCCs); and ii) where the UK GDPR applies, the template Addendum B.1.0 issued by the UK's Information Commissioner's Office and approved by Parliament in accordance with s119A of the Data Protection Act 2018 (UK Approved Addendum) and the accompanying Mandatory Clauses of the UK Approved Addendum, as updated from time to time and/or replaced by any further version published by the Information Commissioner's Office (UK Mandatory Clauses).
Standard Contractual Clauses means special legal agreements we use to protect your personal data when it’s sent to countries outside the EU or the UK. These agreements follow official rules approved by the EU and UK to make sure your data stays safe, no matter where it goes.
All capitalized terms used in this Privacy Notice and not otherwise defined shall have the meanings assigned to such terms in the Terms of Service.
All capitalized words in this Privacy Notice that aren’t explained here will mean the same thing as they do in our Terms of Service.
DATA WE PROCESS AND PURPOSES
We collect information that, alone or in combination with other data, could be used to identify you (Personal Data). Some of the information we collect is stored using anonymization instruments that cannot be linked back to you (Non-Personal Data).
We collect two kinds of information: one is Personal Data, which means things that can be used to figure out who you are—by itself or when combined with other info. The other is Non-Personal Data, which is info that we’ve made anonymous, so it can’t be traced back to you.
Detailed information about the disclosure of your Personal Data and the collection of Personal Data by third parties is governed by their privacy practices and data transfer contractual commitments. To learn more, please refer to the section “Third-Party Information and Personal Data Disclosure” of this Notice.
Details about how your Personal Data is shared with others, or collected by third parties, follow their own privacy rules and the agreements we have with them. If you want to know more, check out the part called “Third-Party Information and Personal Data Disclosure” in this Notice.
Vendor Data means that we will collect and process vendor-related data to facilitate Setapp distribution, payment settlements, and ensure compliance with marketplace policies. Vendor Data comprises the following:
- contact (email,name and legal representative, country of representative);
- account data (beneficiary details) and preferences;
- application metadata (descriptions, branding elements, pricing, version history);
- license and distribution settings (membership inclusion, single distribution eligibility, prices);
- payment metadata and billing (payment methods, transaction history);
Vendor Data means information we collect about you as a vendor and your app to help run our marketplace. This includes:
- Your contact details and country you operate in
- Your payment information
- Details about your app like descriptions and pricing
- How you want your app distributed
- Records of payments and transactions
- Information about app updates and versions
This helps us manage distribution, pay developers correctly, and follow marketplace rules.
Setapp Membership and Single App: Types of data we process, purposes and legal basis we rely on
| Type Of Data | Purpose | Legal basis |
|---|---|---|
| Contact and Account data, Location and Log Data |
|
|
| Contact and Account data, Location and Log Data, Service(s) Usage and Device Data |
|
|
| Contact and Account data, Log Data |
|
|
| Contact and Account data, Log Data, Location data, Service(s) Usage and Device Data, Information about security settings (exclusively to preserve security and confidentiality of your Personal Data) |
|
|
| Log data, Location data, Service(s) Usage and Device Data |
|
|
Vendor Data: Types of data we process, purposes and legal basis we rely on
| Type Of Data | Purpose | Legal basis |
|---|---|---|
| Contact, Account Data and preferences; Payment Metadata and Billing; Log Data |
|
|
| Contact and Account data, Log Data |
|
|
| Log data, Location data, Service(s) Usage and Device Data |
|
|
| Contact and Account data, Location and Log data, Service(s) Usage and Device Data, Information about security settings (exclusively to preserve security and confidentiality of your Personal Data) |
|
|
COOKIE FILES AND SIMILAR TECHNOLOGIES
MacPaw uses cookies and similar technologies on our Website that help us provide, analyze, understand, and enhance the use of our Services, enforce our Terms of Use, prevent fraud, improve Website performance, monitor visitor traffic and actions, deliver and tailor our marketing or advertising, and understand interactions with our emails, marketing, and online ads on third-party sites. The Website may also include cookies and similar tracking technologies from third parties, which may collect information about you via the Website and Services and across other websites and online services.
We preserve your privacy when we collect your Personal Data for our internal analytical purposes through the Website. We have developed our own analytics data module that removes any Personal Data and Personally Identifiable Information when you do not provide your consent (including Google clientid, Google gclid) and replaces it with random identifiers that cannot be directly linked to you, so that we gather only aggregated information. For more details about how we use this technology, as well as processing your Personal Data when you consent to it, please see our Cookie Notice. To find more about how we conduct customer surveys, and other marketing and analytics campaigns when we rely on your consent, go to the section “Customer Surveys and Conducting Analytics Campaigns” below.
MacPaw uses small files called cookies on our website. These help us:
- Make our services work better
- Understand how you use our website
- Make sure people follow our rules
- Stop anyone trying to cheat
- See how many visitors we get
- Show you ads that might interest you
Other companies might also put cookies on our website to collect information about you when you visit us and other websites.
We care about your privacy. When we collect data for our own analysis, we remove any personal details that could identify you if you haven't given permission. We replace this with random codes that can't be linked back to you.
If you want to know more details, you can read our Cookie Notice. To learn about how we do customer surveys and other research when you give us permission, look at the "Customer Surveys and Conducting Analytics Campaigns" section below.
VENDOR DATA PROCESSING AGREEMENT
Where Setapp and Vendor are parties to Setapp Developer Agreement and Setapp processes Personal Data in connection with end users’ uses of Setapp under the Terms of Use and present Privacy Notice, and Vendor will collect and process end-user Personal Data for its independent purposes in the course of distributing its applications to end-users according to such Vendor’s terms of use and privacy commitments (i.e. sales, marketing, analytics and data about app functionality), each Party will be “Controller”, not joint controllers (as such terms are defined by Data Protection Laws).
Where Setapp processes Vendor’s Data (i.e. to facilitate app distribution and payment settlements) as defined in Section Vendor Data in Setapp Single App above and pursuant to the terms of the Setapp Developer Agreement, Setapp will be the Processor of Vendor’s Personal Data.
This Vendor Data Processing Agreement (“Agreement”) forms part of the agreement(s) between Vendor and Setapp covering customer’s (end users) use of the Services, processing Vendor’s Data by Setapp, and the related processing of customers’ Personal Data, by Vendor.
When you as a Vendor use Setapp to sell your apps according to Setapp Developer Agreement, we both handle information in different ways:
- When you collect user data for your own purposes (like sales, marketing, or app features), you're in charge of that data according to your own privacy rules.
- When Setapp collects information about how end users use our platform, we're in charge of that data according to our privacy rules.
- When Setapp processes Vendor information (like to distribute app through the platform), we're just the helper - we process this data on your behalf.
This VENDOR DATA PROCESSING AGREEMENT is part of our bigger contract. It explains how we both handle personal information from vendors and end users when working together.
MINORS
Our activities are not aimed at children under 13 years. We do not knowingly collect information from children under the age of 13. If you have not reached the age limit, do not use the functionality of Setapp, Services, Site and do not provide us with your personal information.
If you are a parent of a child below the age limit and you learn that your child has provided MacPaw with personal information, please contact us at [email protected] and insist on exercising your rights of access, correction, cancellation and / or opposition.
Setapp is not meant for kids under 13 years old. We don't knowingly collect info from kids under 13.
If you're younger than 13, please don't use Setapp or our website, and don't share your personal information with us.
Parents: If you find out your child who is under 13 has shared their information with us, please email us at [email protected]. You can ask us to let you see what information we have, fix any mistakes, or delete the information completely.
REQUESTS VIA SETAPP
We use information processed from Setapp to respond to your requests. We do not sell, rent, lease, trade or share your Personal Data other than as outlined in this Privacy Notice. When you provide us with your Personal Data or otherwise choose to sign up to receive email communications from us, we will use that information to send those communications to you. We will rely on your consent or legitimate interest. You may “opt out” of receiving email communications through links available on emails received, or via your account preference settings or by contacting us.
THIRD PARTY INFORMATION AND PERSONAL DATA DISCLOSURE
We receive information from third-party business partners, such as marketing data and Service(s) Usage and Device Data.
Some third-party applications and services that work with us may ask for permission to access Your information. Those applications will provide You with notice and request Your consent. Please consider Your selection of such applications and services, and Your permissions, carefully. Data collected by third parties through these apps and plugins is subject to each parties’ own policies. We encourage You to read those policies and understand how other companies use Your data.
In most cases, your data is processed within the territory of the European Economic Area (EEA). When we transmit your personal data beyond EU/EEA regions, we rely on Standard Contractual Clauses as approved by the European Commission (EU-US DPF) and confidentiality obligations, ensuring your data is handled with care and responsibility.
We are committed to maintaining the highest security standards to protect Your Personal Data both in transit and at rest. To learn more about Our security commitments, go to section “Security and Confidentiality” below.
In the table below we provide You with information about whom we share Your Personal Data, the purposes, as well as transfer mechanisms we rely on when disclosing Your Personal Data to ensure its secure transmission.
Sometimes we get information about you from companies we work with, like marketing data or how you use our services.
Some apps that connect with us might ask to see your information. They'll tell you what they want and ask if that's okay. You can choose which apps to use and what information to share. Remember, once other companies have your data, they follow their own privacy rules, not ours. It's a good idea to read their policies too.
Most of the time, we keep your information in European Economic Area (the EEA). If we need to send your data outside Europe, we use special legal agreements (called Standard Contractual Clauses) and make sure everyone keeps your information private.
We work hard to keep your personal information safe, both when it's being sent and when it's stored. To learn more about how we protect your information, check the "Security and Confidentiality" section below.
Further down, we've made a table that shows who we share your information with, why we share it, and how we make sure it stays safe when we send it.
| Third Party | Purposes and Legal basis | Transfer mechanism and Contractual commitments |
|---|---|---|
| PADDLE.COM MARKET LIMITED Judd House 18-29 Mora Street, GB/London EC1V8BT; or Bright Market, LLC d/b/a FastSpring: Address: 801 Garden Street Suite 201, US/SANTS BARBARA 93101 Please note that We do not retain any payment information provided by You. All such information is provided directly to the Third Party. |
Proceeding of payments, handling returns and providing You with support to perform Terms of Use with You and provide You Our Services Services(s) running and fraud prevention for Our legitimate interests. | Data Processing Addendum following this link |
| Stripe Payments Company 354 Oyster Point Boulevard, South San Francisco, California, 94080 Please note that We do not retain any payment information provided by You. All such information is provided directly to the Third Party. |
We use Stripe for payments, analytics, and other business services. Stripe may collect personal data including via cookies and similar technologies. The personal data Stripe collects may include transactional data and identifying information about devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection, loss prevention, authentication, and analytics related to the performance of its services. You can learn more about Stripe and read its privacy Notice at https://stripe.com/privacy. | Data Processing Agreement is placed here |
| MacPaw Corporate Transactions | MacPaw intra-group sharings between departments of software development, analytics, security IT
services, and customer support for Our legitimate interests; For Macpaw merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding; for Our legitimate interests and comply with legal obligations set forth by applicable Data Protection Laws |
Standard Contractual Clauses as approved by the European Commission (EU-US DPF) and MacPaw Corporate Confidentiality obligations |
| Zendesk 989 Market Street, San Francisco, California 94103 United States |
Our customer service solution provider to provide You with information upon your requests; to perform an Terms of Use with You and comply with legal obligations set forth by applicable Data Protection Laws | Privacy and data protection commitments can be found here; Binding Corporate Rules can be found here |
| Google LLC (USA) | Analytics, communication service and marketing data handling provider to provide You Service (s) and to optimize Your user experience, as well as improve content; per Your consent or Our legitimate interests, when applicable. | Standard Contractual Clauses as approved by the European Commission (EU-US DPF). |
| CookieYes CookieYes Limited (3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom, company number 13074037, VAT number GB381305513) |
Cookie Consent Management Tool to manage collection of cookies and other tracking technologies via Site, to document Your consent and provide You with a clear and transparent cookie banner; to perform an Terms of Service with You and comply with legal obligations set forth by applicable Data Protection Laws | Data Processing Terms of Service following this link; refer to our Cookie Notice to find more details. |
| Functional Software, Inc. d/b/a Sentry Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105. |
Our SaaS partner in development, maintenance and errors fixing; for Our legitimate interests. | Standard Contractual Clauses as approved by the European Commission (EU-US DPF). EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Certification can be found here. |
| Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 USA |
Our partner for content delivery network (CDN), security and DDoS protection); for our legitimate interests. | Cloudflare Data Processing Addendum can be found here |
| AWS (Amazon Web Services, Inc.) | Our partner in data hosting and storage, computing resources, to manage and operate our infrastructure; for performance of Terms of Use with you. | AWS Data Processing Addendum can be found here |
| Campaign Monitor Marigold 11 Lea Ave Nashville, TN 37210 |
E-mail marketing partner; per your consent, and our legitimate interests where applicable | Services Privacy Statement can be found here |
| Calendly Calendly, Inc. 115 E Main St., Ste A1B Buford, GA 30518 USA |
Sales tool partner to download demos through the website; to perform Terms of Use with you and our legitimate interests where applicable | Data Processing Addendum can be found here |
| Apple Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA |
Distribution and management platform; your Interactions with App Store; to perform Terms of Use with you | Data and Privacy Apple commitments can be found here |
For more information about our other marketing activities and analytics, follow the section “Conducting Customer Surveys and other Interactions” below.
For more information about Third Parties whom we engage for marketing and analytics via Site, follow Our Cookie Notice.
Follow the section “Conducting Customer Surveys and other Interactions” to learn more about what data we process for our analytics and marketing.
When you run the Website, Our Cookie Notice applies.
LEGAL OBLIGATIONS
We may disclose or allow government and law enforcement officials access to your Personal Data, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith that:
Sometimes, we might need to give your personal information to government officials or law enforcement. This could happen if they give us a legal order like a subpoena, search warrant, or court order, or if the law requires us to share it.
We would only do this if:
CONDUCTING CUSTOMER SURVEYS AND OTHER INTERACTIONS
We also receive Personal Data when you participate in a focus group, contest, activity, or event, request support, interact with our social media accounts, or otherwise communicate with MacPaw. We interact with you upon your consent.
All MacPaw account holders will continue to receive transactional messages related to our Service(s), even if you unsubscribe from promotional emails. Transactional messages mean important communication with you that, for example, may concern software setup, payment confirmation, or any updates to our services and licenses. The legal basis for sending you transactional messages is the performance of the Terms of Use with you.
When you use Services, we can also use your Contact data to send you customer and satisfaction surveys. We will use the results of the surveys to improve our Services and deliver You the customized content. By doing so, we rely on your consent.
We may collect your Personal Data when you take part in things like contests, focus groups, events, surveys, or when you chat with us on social media or reach out for help. We only do this if you say it’s okay.
Even if you unsubscribe from our promotional emails, if you have a MacPaw account, we’ll still send you important service messages—like when you set up software, make a payment, or there’s an update to your app or license. These are called transactional messages, and we send them because they’re part of the service we promised to provide.
We may also ask for your feedback in customer satisfaction surveys. We’ll use what you tell us to make our services better and show you content that fits your interests—and we’ll only send these surveys if you’ve agreed to it.
DURATION OF PERSONAL DATA STORAGE
We have developed and implemented an internal Data Retention and Destruction Notice that governs processing activities and scenarios we have carefully developed for each specific activity, specific terms for keeping your Personal Data, the legal basis we rely on, and justifications, as well as data destruction methods when retention periods expire.
We store your Personal Data:
- For the fulfillment of our contractual obligations and providing services under the Terms of Use, we keep your data during the term of the Terms of Use. To find out more, please refer to the Terms of Use.
- For the purpose of sending you newsletters, we keep your data for as long as we retain your consent. You may revoke your consent at any time by clicking “unsubscribe” in the email footer.
- For the fulfillment of tax and accounting obligations in accordance with our legal obligations, we will retain your personal data usually for 10 years (depending on the applicable law).
- Cookies data and other log files will be stored until the relevant cookies expire. You can always check the duration of cookie storage in our Consent Management Tool. We have set the duration in the cookie banner.
- Metrics and log data will be stored for the duration not exceeding 12 months;
- For our internal analytics for the purposes of improving Our Service(s), we will retain your data for 3 years.
- When we process your data for the purposes of exercising your rights as the data subject and respond to your access requests, we will retain your data for 5 years.
- When we process your data for the purpose of establishing, exercising, or defending against legal claims, we will keep the data for as long as it is necessary to defend our specific rights and interests, and, in the case of a dispute, until the final execution of the binding decision of the competent supervisory authority.
Upon expiration of data storage, we will securely destroy your data in accordance with our Data Retention and Destruction Notice and applicable laws and regulations.
If we seek to retain your personal data on file on the basis that a further opportunity may arise in the future, we will inform you with notice, seeking your explicit consent to retain your personal data for a fixed period on that basis.
If you believe that we are keeping your data illegally, please send the respective notice request to [email protected]. We will review your request at our earliest convenience and delete your data unless we are required by law to keep it for a longer period, or unless we can demonstrate legitimate grounds for processing that override your interests, rights, and freedoms. If deletion is impossible, we will securely store your personal data and isolate it from any further processing until deletion is permitted.
We have special rules about how long we keep your personal information and how we get rid of it when we don't need it anymore.
We store your Personal Data:
- When you use our services: We keep your information for as long as you're using our services. If you want to know more, check out our Terms of Use.
- For newsletters: We keep your information as long as you want to get our newsletters. You can always click "unsubscribe" at the bottom of any email if you don't want them anymore.
- For tax and money stuff: We usually need to keep some of your information for about 10 years because the law says we have to.
- Cookie information: We only keep this until the cookies expire. You can see how long that is in the cookie banner when you visit our website.
- Measurements and records: We keep these for up to 12 months.
- To make our service better: We keep information for 3 years when we're using it to improve what we offer you.
- When you ask about your data: If you ask us questions about your information, we keep records of that for 5 years.
- For legal protection: If we need your information to protect ourselves in legal matters, we keep it until the issue is completely finished.
When it's time to delete your information, we do it safely following our special rules and what the law requires.
Sometimes we might ask if we can keep your information longer in case we need it later. If this happens, we'll ask you directly and tell you exactly how long we want to keep it.
If you think we're keeping your information when we shouldn't be, please email us at [email protected]. We'll look at your request as soon as we can. We'll delete your information unless we legally need to keep it or have a really good reason to keep it. If we can't delete it right away, we'll store it safely and not use it until we can delete it properly.
SECURITY AND CONFIDENTIALITY
We are committed to protecting the privacy and security of Your Personal Data. We have recently achieved ISO 27001 certification for Setapp, demonstrating our dedication to maintaining a high standard of information security management. This internationally recognized standard sets requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).
Here’s how we ensure the security and confidentiality of Your Personal Data:
- Information Security Policies: We have established a comprehensive set of information security policies that guide our data protection practices, which are regularly reviewed and updated to remain effective;
- Access Control: Access to personal data is strictly controlled. We employ user authentication, role-based access controls, and encryption to prevent unauthorized access to your data;
- Data Encryption: Your personal data is encrypted both in transit and at rest using industry-standard encryption methods to prevent unauthorized access or disclosure;
- Risk Management: We conduct regular risk assessments to identify potential security threats and vulnerabilities. This proactive approach helps us to implement effective measures to mitigate identified risks.
- Security Awareness and Training: Our employees receive regular training on information security and data protection best practices to ensure they understand the importance of maintaining data privacy.
- Incident Management: We have established a comprehensive incident response plan to quickly and effectively address any security incidents or breaches. This includes processes for detection, containment, investigation, and communication.
- Data Integrity and Accuracy: We implement measures to ensure the accuracy and completeness of personal data and prevent unauthorized alterations.
- Physical and Environmental Security: Our data centers and office locations are protected by physical security controls such as access restrictions, surveillance, and environmental controls to safeguard against physical threats.
- Supplier Security and Vendor Check: We assess and monitor our suppliers and vendors to ensure they meet our high standards of data protection and information security
- Regular Audits and Continuous Improvement: As part of our ISO 27001 certification, we conduct regular internal and external audits of our ISMS to identify areas for improvement and ensure ongoing compliance with security standards.
Find our ISO 27001 certification by following this link or visit our Trust Center.
We work hard to protect your personal information and keep it secure. We're proud that our Setapp service has earned a special safety certificate called ISO 27001, which shows we take security very seriously.
Ways We Protect Your Information:
- Safety Rules: We have created careful safety rules that everyone in our company follows. We check and update these rules regularly to make sure they work well.
- Controlling Who Can See Your Information: Not everyone can see your personal information. We use special passwords, different levels of access for different employees, and scramble your information so strangers can't read it.
- Scrambling Your Information: We use special computer codes to jumble up your information when it travels through the internet and when it's stored. This means even if someone tried to look at it, they couldn't understand what they were seeing.
- Watching for Dangers: We regularly look for possible safety problems so we can fix them before anything happens.
- Teaching Our Team: Everyone who works with us learns about keeping information safe. We have special training so everyone knows how important your privacy is.
- Plan for Problems: We have a step-by-step plan ready in case anything goes wrong. This includes how to spot problems, stop them from spreading, investigate what happened, and tell people who need to know.
- Keeping Information Accurate: We have ways to make sure your information stays correct and complete, and that nobody changes it without permission.
- Physical Protection: We protect the actual buildings and computers where your information is kept with things like restricted access, security cameras, and controls for temperature and other environmental factors.
- Checking Our Partners: We make sure any other companies we work with are also careful with your information.
- Regular Check-ups: We regularly inspect our security systems both ourselves and with outside experts to make sure everything is working properly.
Find our ISO 27001 certification by following this link or visit our Trust Center.
PERSONAL DATA BREACHES NOTIFICATION
We have developed a strong Incident Response Plan that, inter alia, in case of a Data Breach, will take all reasonable steps to investigate, contain, and report the Data Breach to you.
If the data breach is likely to result in a high risk to your rights and freedoms, we will communicate the Personal Data breach to you without undue delay via email and instruct you on mitigation measures. In case our communication channel with you is compromised by the incident, we will notify you using media channels, and this Site in particular.
Breaches of this Privacy Notice by staff, contractors, or officers of MacPaw will be dealt with under MacPaw’s internal grievance and disciplinary Notice and may lead to a disciplinary sanction.
In some cases, MacPaw may process Personal Data pursuant to a legal obligation or to protect your vital interests or those of another person.
We have a strong plan for handling problems with your data. If there's ever a data breach, we'll take all reasonable steps to investigate what happened, stop it from spreading, and let you know about it.
If a data breach might cause serious problems for you, we'll tell you right away by email and give you advice on how to protect yourself. If we can't email you because the breach affected our ability to contact you, we'll post information on our website and use other media to reach you.
If anyone who works for MacPaw breaks our privacy rules, they'll face consequences under our company policies, which might include disciplinary action.
Sometimes, MacPaw might need to use your personal information because the law requires us to, or to protect you or someone else in an emergency situation.
YOUR RIGHTS AS THE DATA SUBJECT
You have the following rights in respect to Your Personal Data, including the right to access, correct, or delete Personal Data. You can:
- Have Your Personal Data corrected or deleted. You may ask Us to correct information You think is inaccurate or completely delete all information that We hold about You by emailing: [email protected]
- Access Your Personal Data report by submitting a request at [email protected]. This report will include the Personal Data We have about You, provided to You in a structured, commonly used, and portable format.
- Object to processing Your Personal Data. It is Your right to lodge an objection to the processing of Your Personal Data by emailing: [email protected] if You feel the “ground relating to Your particular situation” applies. The only reasons We will be able to deny Your request is if We can show compelling legitimate grounds for the processing, which override Your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claim.
- Withdraw consent on marketing emails, including when We use Your Personal Data to send You marketing emails. We only send marketing communications to You with Your prior consent, and You may withdraw Your consent at any time by clicking the “unsubscribe” link found within MacPaw emails and changing Your contact preferences. Please note You will continue to receive transactional messages related to Our Service(s), even if You unsubscribe from marketing emails.
- Withdraw consent. This right only exists where We are relying on consent as a legal basis to process Personal Data about You (“Consent Withdrawal”).
- Without prejudice to any other administrative or judicial remedy, You have the right to appeal to a supervisory authority if You consider that the processing of Personal Data relating to You is in breach of the applicable laws and regulations. If You’re based in the European Economic Area (EEA) and think that We haven’t complied with data protection laws, You have a right to lodge a complaint with Your local supervisory authority. You can find the list of supervisory authorities via this link.
- Request to know more details about the categories or specific pieces of Personal Data We collect (including how We use and disclose this Personal Data), to delete their Personal Data, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
You may have other rights as may be provided by Data Protection Laws.
You will not have to pay a fee to access Personal Data about You (or to exercise any of the other rights outlined above). However, except in relation to Consent Withdrawal, We may charge a reasonable fee if Your request is clearly unfounded, repetitive, or excessive, or, We may refuse to comply with Your request in these circumstances.
We may need to request specific information from You to help Us confirm Your identity and ensure Your right to access Personal Data about You (or to exercise any of Your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact You to ask You for further information in relation to Your request to speed up Our response.
We try to respond to all legitimate requests within one (1) month (i.e. 30 calendar days). Occasionally it may take Us longer than a month if Your request is particularly complex or You have made a number of requests. In this case, We will notify You and keep You updated.
Data Protection Officer
To communicate with Our Data Protection Officer, please use our dedicated email channel [email protected].
You have important rights about your personal information. Here's what you can do:
- You can ask us to fix mistakes in your information or completely delete all information we have about you. Just email us at [email protected].
- You can get a report of all the personal information we have about you. Email [email protected] to request this report. We'll give you your information in a format that's easy to use and share.
- You can tell us to stop using your personal information if you have a good reason. Email [email protected] to object. We can only say no if we have very strong legal reasons that are more important than your wishes, or if we need your information for legal claims.
- You can stop getting marketing emails from us anytime. Just click "unsubscribe" in any MacPaw email or change your contact choices. You'll still get important messages about services you use, even after unsubscribing from marketing.
- You can take back your permission for us to use your information, if you gave us permission before.
- If you think we're not following privacy laws, you can complain to the privacy authority in your country. If you're in Europe, you can find your local authority through this link.
- You can ask for more details about what information we collect, how we use it, request to delete your information, opt out of any "sales" of your data, and ask not to be treated differently for exercising these rights.
You might have other rights depending on the privacy laws in your area.
You don't have to pay anything to access your information or use these rights. But if your request is clearly unnecessary, repetitive, or excessive, we might charge a reasonable fee or decline your request.
We might need you to provide some information to verify your identity before we can help you. This is to protect your information from being given to someone else.
We try to respond to all reasonable requests within 30 days. If your request is complicated or you've made several requests, it might take longer. If that happens, we'll let you know and keep you updated.
If you need to contact our Data Protection Officer directly, you can email [email protected].
CHANGES TO THIS PRIVACY NOTICE
We may need to update this Privacy Notice to keep pace with changes in our Service(s), our business, and the laws applicable to us and you. We will, however, always maintain our commitment to respect your privacy. We will notify you of any material changes that impact your rights under this Privacy Notice by email or popup notification (to your most recently provided email address) or post any other revisions to this Privacy Notice, along with their effective date, in an easy-to-find area of our Setapp Website. Therefore, we recommend that you periodically check back here to stay informed of any changes. Please note that your continued use of MacPaw after any change means that you agree with and consent to be bound by the new Notice. If you disagree with any changes in this Privacy Notice and do not wish your information to be subject to it, you will need to stop using the Service(s).
We might need to update this privacy notice as our services change, our business grows, or the laws change. But we'll always respect your privacy. If we make important changes that affect your rights, we'll let you know by sending an email to your most recent email address or by showing you a popup notification. We'll also post any changes on our Setapp Website where they're easy to find, along with the date when they take effect.
It's a good idea to check back here sometimes to see if anything has changed. Remember, if you keep using MacPaw after we make changes, it means you agree to the new privacy rules. If you don't like the changes and don't want us to use your information under the new rules, you'll need to stop using our services.
CONTACT US
You may contact Us with any questions relating to this Privacy Notice by e-mailing to our customer support: [email protected], or to communicate with Our Data Protection Officer, please use our dedicated email channel [email protected].
If you have any questions about how we protect your privacy, you can write to us at [email protected].
If you want to talk to our privacy expert (called a Data Protection Officer), send an email to [email protected].