Legal
Privacy Policy
Last updated: July 8, 2026
This policy explains what we collect, why, and how we protect it. Our guiding principle: Icemoon runs on your Mac, and your devices and automation data stay there.
1. What runs locally
The Icemoon desktop app operates entirely on your machine. Device screens, the accounts you manage, your automation flows, proxies, and captured data are stored and processed locally. They are not transmitted to us. We cannot see your fleet.
2. What we collect
- Account data — your name and email. Sign-in is passwordless: we email a short-lived one-time code and store only its hash until you use it, so there is no password to store.
- Billing data — we store your invoice history and the on-chain transaction id of each crypto payment. We do not take card details on our site; card-based purchases are handled entirely by our on-ramp partner, Simplex, so we never see or store card numbers.
- License data — a hash of your activation code, your plan, and which devices you have bound. We store the hash, not the code itself.
- Support data — the content of tickets you submit.
- Basic technical data — IP address and request logs for security and rate limiting, retained for a limited period.
3. Why we collect it
To provide the service: authenticate you, issue and verify licenses, process payments, deliver your build, respond to support, and protect the platform from abuse. We do not sell your data and do not use it for advertising.
4. Processors we use
- Simplex — card-to-crypto on-ramp used when you choose to pay by card. Simplex collects and handles the card and any identity data required for that purchase under its own privacy policy.
- TronGrid — a public Tron blockchain API we query to confirm incoming USDT payments.
- Our hosting and email providers — to run the site and send transactional email (license ready, receipts, security notices).
These processors handle data only on our instructions.
5. Security
Sign-in is passwordless — one-time email codes, stored only as short-lived hashes. Activation codes are stored only as hashes. Sessions use HttpOnly, SameSite cookies. Traffic is TLS-only. Download links are short-lived and signed. See our security overview for details.
6. Retention
We keep account, license, and billing records while your account is active and as required for tax and legal purposes after cancellation. Request logs are kept briefly for security. You can request deletion of your account data.
7. Your rights
Depending on your jurisdiction, you may access, correct, export, or delete your personal data, and object to certain processing. Contact us to exercise these rights.
8. Cookies
We use strictly necessary cookies for authentication (session) and security (CSRF). We do not use third-party advertising or tracking cookies.
9. Changes
We may update this policy; material changes will be announced by email or in the dashboard.
10. Contact
Privacy questions or data requests: privacy@icemoon.app.