We strongly support your right to privacy when using our products.
To the extent that our products and websites can provide their functionality without doing so, we prefer to avoid collecting data from you.
In the cases where we do collect data, we try to be clear about why we're collecting it, collect as little as we need, tell you how long we keep it, delete it when we no longer need it, and give you the ability to opt out of collection whenever possible.
We use modern security measures to protect collected data, and limit access to only those employees who require access to perform their jobs. We may be legally required to disclose collected data to law enforcement or government agencies in some situations.
If you purchase a product directly from panic.com or play.date, we collect your:
- full name
- billing and shipping address (if needed)
- company name (optionally)
- email address
The purpose of collecting this information is to deliver your product and identify you in the future as the licensee or owner of the product. We may need to verify your identity if, for example:
- you contact us for support
- you request a receipt or invoice
- you request a refund
- you request to change your shipping address
- you request that we re-send your purchased app's serial number
- you wish to receive discounted upgrade pricing on an app you've previously purchased
Because addresses, both real-world and electronic, tend to change over time, having more than one piece of identifying information helps ensure we can find a record of your purchase should you need help later.
We do not sell or otherwise disclose this information to third-parties, except as required to complete your transaction and shipment. For example, we send it to our credit card processor once at the time of purchase in order to authorize the transaction, or to our shipping partners to be able to handle your shipment.
We do not collect or store your credit card's number, expiration date, or CVV code. When you purchase from panic.com, your credit card details are routed directly from your web browser to our credit card processor, and are not stored on any Panic-owned server even temporarily. When you purchase from play.date or the Untitled Goose Game Shop, your credit card details are managed entirely by Shopify.
You may update your personal information with us at any time by emailing firstname.lastname@example.org.
We retain the personal information related to your purchase indefinitely to facilitate support interactions, unless you ask us to remove it. To request removal of your personal information related to a purchase, contact email@example.com. If you do this, be sure to keep a copy of any purchased app serial numbers, as we will no longer be able to look them up once we have removed your identifying information from our system.
If you use a Playdate device, asking us to remove your personal information also means that you'll lose access to certain features, such as automatic software updates and on-device game delivery. We may also be limited in our ability to provide support for any issues that may arise with your device. You'll still be able to play existing or manually-loaded games on your device.
When handling support requests from you, we collect:
- your email address (or Twitter handle, if you contact us via Twitter)
- any other metadata which may be contained in the email header
- any information you provide voluntarily (such as crash logs or other diagnostics)
This information is collected solely to help resolve your support inquiry. We retain support emails indefinitely in order to:
- have context from previous interactions which may help us answer your future questions more quickly and accurately
- identify broad trends in support requests, which may help us identify and solve problems with our products
If you would like to remove support emails you have sent, contact firstname.lastname@example.org.
Some of our products may, by default, collect information about the way you use them. In the case of our software, this data is anonymized before it is sent to us, and cannot be used to personally identify you. Playdate devices may report their device ID, which can be used to identify the registered owner's account, if one exists.
You may opt out of usage analytics if you wish, at any time.
We look only for broad patterns in the aggregated usage data, such as whether or not a particular feature is frequently used, or whether users in general prefer one setting over another. This helps us make informed decisions about the future development of our products.
On Playdate devices, analytics data may include:
- your device ID
- remaining battery percentage
- how long wifi remains on, and how much data is sent and received
- how long the device spends in locked (clock) mode
- how much data is written to the internal storage
- how many times the display is updated
- why and when the device reboots
- how many times buttons are pressed
- errors or other messages logged by the operating system
To be clear, we do not track individual user behavior in our products. We do not receive information from your device's displays, cameras, or microphones.
We retain usage analytics data from our apps for 30 days. We retain usage analytics data from Playdate indefinitely, unless you ask us to remove yours.
By default, if one of our apps crashes while you're using it, anonymized data about the crash will be collected to help us identify the cause of the crash and hopefully fix it in a future update. These "crash logs" contain information such as the state of the app, operating system, and device at the time of the crash, but not your private data.
Crash logs from Playdate devices include its device ID in addition to the above, which can be used to identify the registered owner's account, if one exists
You may opt out of crash log reporting if you wish, at any time.
In our direct-download Mac apps, you may have the option to provide your name, email address, and additional comments when submitting a crash report, but this information is not required. If you do not voluntarily provide your name or email address, nothing else in the crash log can be used to personally identify you. Whenever possible, the app will allow you to review the entire contents of the crash log before you decide whether or not to send it.
Your crash log may be sent to a third-party vendor for collection and aggregation. Please refer to our list of third-party vendors.
On macOS, iOS, and iPadOS devices, Apple may also collect their own app crash logs if the privacy settings of your device allow it.
We retain crash logs from our apps for 30 days. We retain crash logs from Playdate indefinitely, unless you ask us to remove yours.
By default, our Mac apps periodically check to see if a newer version of the app is available, so that you can be given the choice to update if you wish.
For macOS, iOS, or iPadOS apps acquired from one of Apple's App Stores, update checking behavior is managed by the operating system, and the relevant information is processed by Apple, not Panic.
For macOS apps acquired via direct-download from Panic's website, an update check request will be occasionally sent to a Panic-owned server. This request contains the name and current version of the app you are using, and a small amount of metadata about your device (such as which operating system version it is running, and your preferred language) which may be necessary to guide you to the correct update.
You may turn off update checking from the app's preferences window.
Similarly, some of our apps also check with a Panic-owned server when opened to see if there is news about the app to show you. We call this the "soapbox". We might use the soapbox infrequently to, for example, alert you to a significant app update or advise you on how to work around a serious bug. Soapbox requests send only similar metadata to an update check, and no private data is sent.
On Playdate, an update check request will occasionally be automatically sent when the device is locked and displaying the clock screen. This request contains your device ID and current firmware version so we can determine the correct firmware version for your device, and if there are any new or updated games available for your device. The device ID can be used to identify the registered owner's account, if one exists
We retain metadata from update checking and soapbox requests from our apps for one week. We retain metadata from update checking requests from Playdate indefinitely, unless you ask us to remove yours.
You may be given a one-time opportunity to sign up for our email newsletter the first time you open one of our apps. If you decline, no data will be sent. If you accept, the email address you provide will be added to the Panic mailing list.
You can find the button to subscribe to our Playdate mailing list and Playdate developer mailing list on the Playdate website.
Our email lists are low volume (only a few messages per year is typical) and is generally limited to announcements of important product updates or significant new product releases.
We do not sell or otherwise disclose any portion of our email list to third-parties, with the exception of the vendor that provides our mailing list services as necessary to distribute the emails.
If you join one of our email lists, we retain your email address until you ask to be removed. Instructions on how to unsubscribe are contained in all messages sent to the email list. You can also contact us directly at email@example.com to unsubscribe for the Panic mailing list or firstname.lastname@example.org for the Playdate or Playdate developer mailing lists.
Activation is the process by which our software applications verify that you are a legitimately licensed owner of the Panic product you're using.
For macOS, iOS, or iPadOS apps acquired from one of Apple's App Stores, no activation request is sent to Panic-owned servers. Verification of your purchase may occur by processes and servers managed by Apple in this case.
For apps acquired via direct-download from Panic's website, an activation request is performed when you enter a serial number to unlock the app, and may be repeated from time to time by previously activated products.
The activation process consists of a single request sent to a Panic-owned server, containing encrypted information about the serial number you entered into the app. The server verifies whether the serial number is valid, and replies with a digitally signed confirmation if so. Otherwise, an error message is sent back for the app to display to you.
We retain a log of activation requests from our apps for one week.
Playdate devices must be registered to an account on the play.date website in order to receive certain features such as updates and on-device game delivery. We log requests to register a Playdate device with an account. We retain these logs for 30 days.
Upon connecting to an S3 server in Transmit 5, we use macOS Location Services to assist in choosing the nearest S3 endpoint. This location data stays on your Mac, and is not used for any purpose other than to assist S3 connections.
See the Security & Privacy pane of System Preferences to prevent Transmit from accessing Location Services.
When setting the time on a Playdate device, it will contact a third-party web service to guess which time zone you're in based on your IP address. This is solely for the purpose of trying to save you a manual step when setting the time on your device. Your time zone and the name of your region will only be stored locally on your device, and is not accessible to third-party developers. The Playdate operating system does not otherwise determine or identify your location. Playdate devices do not contain GPS hardware. Please refer to our list of third-party vendors to see who provides this service.
When you interact with our servers using a web browser, or indirectly by network requests sent on your behalf by our apps and products, some metadata about the request is logged. This metadata may include:
- your IP address (which can potentially reveal your approximate geographic location)
- the name of the resource requested
- the name and version number of the software making the request (may reveal information about your web browser, operating system, and their configuration)
- whether or not the request was successful
- current date and time
We generally don't look at these logs unless a server is malfunctioning or appears to be getting accessed with malicious intent. We may look at the information in aggregate to see broad statistics such as how many times our apps have been downloaded, or from which source an unusually high amount of network traffic is arriving.
We retain server logs for two weeks.
Third-Party Vendor Services Used
To request removal of your personal information on any of the third-party services that we use, please reach out to those companies directly.
- Sales transactions from the Panic website are provided by Stripe.
- Sales transactions from the Playdate website and Untitled Goose Game Shop are provided by Shopify.
- PayPal is used for purchases from our websites when PayPal is selected as the payment method.
- Shipping, handling, and fulfillment services are provided by Whiplash and Passport.
- Collection and aggregation of usage analytics and crash reports is provided by Memfault, Hockey, and App Center.
- Update checking in direct-download Mac apps is provided by the Sparkle framework.
- IP geolocation services are provided by ipstack.
- Email list service are provided by Sendy.
- Web analytics services are provided by Plausible.
- Payment processing, update checking, and license management of macOS, iOS, or iPadOS apps purchased from Apple's App Stores is managed by Apple.
- Offsite backup services are provided by rsync.net and Dropbox.
- Email and Twitter support requests are managed with Front.
- Communication tools we use internally include Notion and Slack. Customer information may pass through these services as customer support processes occur.
- We use JazzHR during our hiring process.
- Activation services for direct-download Mac apps, and Playdate account registration are managed internally by Panic.
- Physical prints of in-game photographs taken in "Firewatch" were processed by Canvaspop. (This feature has been discontinued.)
Data Not Collected
Except as described above, and as required to perform the product's core functionality at the user's request, Panic apps and products do not send out any private information. This includes:
- Information from device sensors
- Your keyboard input
- Screen contents
- Network traffic
- SSH / Encryption keys
- Contents of files you are working with
Apps like Transmit, whose core purpose is to send and receive your documents over a network, will, of course, send and receive your documents at your request, but not to Panic or any other third-party. Documents in transit will be encrypted only if you use a protocol which supports encryption, such as SFTP, HTTPS, etc., in conjunction with a correctly configured server. It is your responsibility to be aware of the security implications of the file transfer protocols you choose to use. Plain FTP is not encrypted.
Some of our apps provide an optional feature called Panic Sync, which replicates app configuration data across multiple devices you control. If you choose to use Panic Sync, we will collect and store the data necessary to provide the syncing feature. This data will be encrypted before transmission and stored in a way that is unreadable, even by Panic employees.
Refer to the Panic Sync page for specific details on its implementation.
To manage syncing devices, view activity history, or delete your Panic Sync account, visit the account management page.
The only way to retrieve the encrypted data stored in your Panic Sync account is to log in from one of the Panic Sync client apps and allow it to sync.
As you might expect, we keep backups of company data so that a catastrophic data loss event doesn't put us out of business. Although collected personal data expires from our "active" data set according to the schedules mentioned above, it may persist in backups for up to 6 months. Backups are only accessible to specially privileged employees who perform system administration tasks. We consider the backups "cold storage" and we don't pull data from them unless a significant data loss event has occurred.
Games We Publish
Panic acts as publisher for a number of video games created by third-party developers.
Neither Panic nor the game's developer directly collect usage data or any other personal information from the games we publish, unless noted below or in-game.
The games we publish are typically sold via third-party digital storefronts, such as Steam, Epic Games Store, Sony's Playstation store, Microsoft's Xbox store, Apple's App Store, and so on. Additionally, redemption codes for games are sometimes available for purchase in retail stores. Third-party storefronts have their own privacy and data collection policies that apply when you purchase games from them, and typically provide anonymized, aggregated sales and usage statistics to Panic.
"Firewatch" offered an optional feature (since discontinued) where players could order physical prints of their in-game photographs. Users who chose to use this feature provided their email address, shipping address, and copies of the in-game photographs to Panic in order to fulfill the order. Initially, the photos were printed and fulfilled by Panic directly. Those direct orders adhered to the same general guidelines as described above in the section "Website Purchases". Later print orders were forwarded to Canvaspop, a third-party vendor, for fulfillment and thus were subject to their privacy policies as well.
Games Published by Third-Parties
Playdate games created by third-party developers may be self-published. Panic does not typically audit self-published Playdate games for their data collection practices, but discourages data collection.
Opting OutTo opt out of certain types of data collection in one of our products:
- On iOS or iPadOS: refer to the Privacy section in the app's Settings screen.
- On macOS: open the app's General preferences panel and uncheck "Send Crash Reports and Statistics".
- On Playdate: open the device's Settings and select Device Metrics to disable or enable sending crash reports and device analytics. You are also given the choice to opt-out during the initial device setup.
This will prevent these specific types of data from coming to us, but be aware that macOS, iOS, and iPadOS may still collect crash logs and other analytics and send them to Apple unless you have disabled that separately in the operating system's settings.
Citizens of the EU may exercise their rights under the General Data Protection Regulation, such as the rights of access and erasure, by contacting us with their request. We recommend emailing the request to email@example.com.
Residents of California may exercise their rights under the California Consumer Privacy Act, such as the rights of access and erasure, by contacting us with their request. We recommend emailing the request to firstname.lastname@example.org.
If your region has recently enacted a right-to-privacy law not yet listed here, we will honor it.
Questions and Feedback
Our privacy policies might change or be edited for clarity over time. Up-to-date information will always be available from this page.
Please contact us if you have any questions about our data collection or privacy policies. We'll be more than happy to discuss them with you.