Panic Inc.

Panic, Privacy, and You

Overview

We strongly support your right to privacy when using our apps.

Our privacy policy is simple: your data is none of our business. We make money by selling software, not by mining your personal information.

To the extent that our apps and websites can provide their functionality without doing so, we prefer to avoid collecting data from you.

In the cases where we do collect data, we try to be clear about why we're collecting it, tell you how long we keep it, delete it when we no longer need it, and give you the ability to opt out of collection whenever possible.

We use modern security measures to protect collected data, and limit access to only those employees who require access to perform their jobs. We may be legally required to disclose collected data to law enforcement or government agencies in some situations.

Website Purchases

If you purchase a product directly from our website, we collect your:

The purpose of collecting this information is to identify you in the future as a license owner of one of our applications. We may need to verify you are a license owner if, for example:

Because addresses, both real-world and electronic, tend to change over time, having more than one piece of identifying information helps ensure we can find a record of your purchase should you need help down the road.

We do not sell or otherwise disclose this information to third parties, except as required to complete your transaction. For example, we send it to our credit card processor once at the time of purchase in order to authorize the transaction.

We do not collect or store your credit card number, expiration date, or CVV code. When you purchase from our website, your credit card details are routed directly from your browser to our credit card processor, and are not stored on any Panic-owned server even temporarily.

You may update your personal information with us at any time by emailing support@panic.com.

We retain the personal information related to your purchase indefinitely to facilitate support interactions, unless you ask us to remove it. To request removal of your personal information related to a purchase, contact support@panic.com. If you do this, be sure to keep a copy of your purchased serial numbers, as we will no longer be able to look them up once we have removed your identifying information from our system.

Support Interactions

When handling support requests from you, we collect:

This information is collected solely to help resolve your support inquiry. We retain support emails indefinitely in order to:

If you would like to remove support emails you have sent, contact support@panic.com.

Application Usage Analytics

Some of our apps may, by default, collect information about the way you use them. This data is anonymized before it is sent to us, and cannot be used to personally identify you.

You may opt out of usage analytics if you wish.

We look only for broad patterns in the aggregated usage data, such as whether or not a particular feature is frequently used, or whether users in general prefer one setting over another. This helps us make informed decisions about the future development of our apps.

To be clear, we do not track individual user behavior in our apps. We do not receive information from your device's displays, cameras, or microphones.

We retain usage analytics data for 30 days.

Crash Logs

By default, if one of our apps crashes while you're using it, anonymized data about the crash will be collected to help us identify the cause of the crash and hopefully fix it in a future update. These "crash logs" contain information such as the state of the app, operating system, and device at the time of the crash, but not your private data.

You may opt out of crash log reporting if you wish.

In our direct download Mac apps, you may have the option to provide your name, email address, and additional comments when submitting a crash report, but this information is not required. If you do not voluntarily provide your name or email address, nothing else in the crash log can be used to personally identify you. Whenever possible, the app will allow you to review the entire contents of the crash log before you decide whether or not to send it.

Your crash log may be sent to a third-party vendor for collection and aggregation. Please refer to our list of third-party vendors.

We retain crash logs for 30 days.

Apple may also collect crash logs if the privacy settings of your device allow it.

Update Checking

By default, our Mac apps periodically check to see if a newer version of the app is available, so that you can be given the choice to update if you wish.

For iOS apps or apps acquired from the Mac App Store, update checking behavior is managed by the operating system, and the relevant information is processed by Apple.

For apps acquired via direct download from Panic's website, an update check request will occasionally be sent to a Panic-owned server. This request contains the name and current version of the app you are using, and a small amount of metadata about your device (such as which operating system version it is running, and your preferred language) which may be necessary to guide you to the correct update version.

You may turn off update checking from the app's preferences window.

Similarly, some of our apps also check with a Panic-owned server when opened to see if there is news about the app to show you. We call this the "soapbox". We might use the soapbox infrequently to, for example, alert you to a significant app update or advise you on how to work around a serious bug. Soapbox requests send only metadata similar to that of an update check, and no private data is sent.

We retain metadata from update checking and soapbox requests for one week.

Email List

You may be given a one-time opportunity to sign up for our email newsletter the first time you open one of our apps. If you decline, no data will be sent. If you accept, the email address you provide will be added to our email list.

Our email list is low volume (only a few messages per year is typical) and is generally limited to announcements of important new versions of our apps or significant new product releases.

We do not sell or otherwise disclose any portion of our email list to third parties, with the exception of the vendor that provides our mailing list services as necessary to distribute the emails.

If you join our email list, we retain your email address until you ask to be removed. Instructions on how to unsubscribe are contained in all messages sent to the email list. For your convenience, you can also unsubscribe directly, below.

Activation

Activation is the process by which our applications verify that you are a legitimately licensed owner of the Panic product you're using.

For iOS apps or apps acquired from the Mac App Store, no activation request is sent to Panic-owned servers. Verification of your purchase may occur by processes and servers managed by Apple in this case.

For apps acquired via direct download from Panic's website, an activation request is performed when you enter a serial number to unlock the app, and may be repeated from time to time by already activated products.

The activation process consists of a single request sent to a Panic-owned server, containing encrypted information about the serial number you entered into the app. The server verifies whether the serial number is valid, and replies with a digitally signed confirmation if so. Otherwise, an error message is sent back for the app to display to you.

We retain a log of activation requests for one week.

Logging

When you interact with our servers using a web browser, or indirectly by network requests sent on your behalf by our apps, some metadata about the request is logged. This metadata may include:

We generally don't look at these logs unless a server is malfunctioning or appears to be getting used in a malicious way. We may look at the information in aggregate to see broad statistics such as how many times our apps have been downloaded, or from which source an unusually high amount of network traffic is arriving.

We retain web server logs for two weeks.

Third-Party Vendor Services Used

Data Not Collected

Except as described above, and as required to perform the application's core functionality at the user's request, Panic apps do not send out any private information. This includes:

Apps like Transmit, whose core purpose is to send and receive your documents over a network, will, of course, send and receive your documents at your request, but not to Panic or any other third party. Documents in transit will be encrypted only if you use a protocol which supports encryption, such as SFTP, HTTPS, etc., in conjunction with a correctly configured server. It is your responsibility to be aware of the security implications of the file transfer protocols you choose to use. Plain FTP is not encrypted.

Panic Sync

Some of our apps provide an optional feature called Panic Sync, which replicates app configuration data across multiple devices you control. If you choose to use Panic Sync, we will collect and store the data necessary to provide the syncing feature. This data will be encrypted before transmission and stored in a way that is unreadable, even by Panic employees.

Refer to the Panic Sync page for specific details on its implementation.

To manage syncing devices, view activity history, or delete your Panic Sync account, visit the account management page.

The only way to retrieve the encrypted data stored in your Panic Sync account is to log in from one of the Panic Sync client apps and allow it to sync.

Opting Out

To opt out of certain types of data collection in one of our apps:

This will prevent these specific types of data from coming to us, but be aware that the operating system may still collect crash logs and other analytics and send them to Apple unless you have disabled that separately in the operating system's settings.

Backed-up Data

As you might expect, we keep backups of company data so that a catastrophic data loss event doesn't put us out of business. Although collected personal data expires from our "active" data set according to the schedules mentioned above, it may persist in backups for up to 6 months. Backups are only accessible to specially privileged employees who perform system administration tasks. We consider the backups "cold storage" and we don't pull data from them unless a significant data loss event has occurred.

Rights of EU Citizens Under GDPR

Citizens of the EU may exercise their rights under the General Data Protection Regulation, such as the rights of access and erasure, by contacting us with their request. We recommend emailing the request to gdpr@panic.com.

Questions and Feedback

Our privacy policies might change or be edited for clarity over time. Up-to-date information will always be available from this page.

Please contact us if you have any questions about our data collection or privacy policies. We'll be more than happy to discuss them with you.