Privacy Policy

1. Scope

This policy covers three things: (a) the marketing website at opensatchel.dev, (b) the Open Satchel desktop application, and (c) data handled when you purchase a commercial license.

2. Marketing website (opensatchel.dev)

The site is a static set of HTML pages served from Cloudflare. It does not:

• Set first-party cookies
• Run analytics or tag manager scripts (no Google Analytics, Plausible, Fathom, etc.)
• Embed third-party tracking pixels
• Build a profile of visitors

What is unavoidably logged at the network level:

• Cloudflare edge logs — IP address, user agent, request path, and timestamp for each request, retained per Cloudflare's policy. Used for DDoS protection and abuse mitigation. See Cloudflare's privacy policy.
• TLS handshake metadata — same as any HTTPS site.

Web fonts are loaded from Google Fonts via next/font, which serves the font files from our origin (not directly from Google). Google does not see your IP for font requests on this site.

3. Desktop application

The Open Satchel desktop app runs entirely on your machine. The app does not call home, does not run analytics, does not require an account, and does not perform license checks against a server.

The complete list of network calls the app can make is documented in the project's PRIVACY.md file. In summary:

• RFC 3161 timestamps during PDF signing — only if you enable timestamps in the Sign dialog. Sends a ~200-byte hash to a TSA URL of your choice. No document content is sent.
• OCSP/CRL revocation lookups during Long-Term Validation signing — only if enabled. Sends the certificate serial number. No document content is sent.
• Tesseract OCR language data on first OCR use per language — downloads model files from cdn.jsdelivr.net. No document content is sent. Pre-place language files for fully air-gapped use.

Any other network activity from the app is a bug — please report it to security@opensatchel.dev.

4. Files you open and edit

Document content stays in RAM and on the disk location you choose. It is never transmitted (except for the hash-only signing cases above). The app records the path of recently opened files locally so it can show them on the start page; clear the list at any time with the "Clear recent" action.

5. Purchasing a commercial license

Self-serve commercial licenses are sold through Lemon Squeezy, our Merchant of Record. When you buy a license:

• Lemon Squeezy collects payment information (name, billing address, card details, email) directly. Open Satchel does not receive or store your payment card.
• Lemon Squeezy provides Open Satchel with the buyer's name, email, country, and order details so we can issue the license.
• Lemon Squeezy collects and remits applicable VAT/GST/sales tax on our behalf.
• For full details on Lemon Squeezy's data handling, see their Privacy Policy.

Enterprise tiers (engine/SDK/OEM) are sold via direct contract. In that case we hold whatever business contact and signing party information is necessary to fulfill the agreement. We do not share it with third parties beyond payment processors and accountants.

6. Email correspondence

Email sent to licensing@, support@, or security@opensatchel.dev is received and stored in Google Workspace. Google's privacy policy applies to that infrastructure. We retain support and licensing emails for as long as the customer relationship is active, plus a reasonable archive period for tax and legal records.

7. Your rights

We do not maintain a database of visitors or users. There is generally nothing to access, correct, or delete because we collect very little. If you have purchased a license and want a copy of the records we hold about you, or want them deleted (subject to our legal record-keeping obligations), email licensing@opensatchel.dev.

EU/UK residents have rights under GDPR/UK-GDPR (access, rectification, erasure, portability, objection). California residents have rights under CCPA/CPRA. Email the address above and we'll respond within 30 days.

8. Children

Open Satchel is a productivity tool for general use. We do not knowingly collect data from anyone under 16. If you believe we have, contact us and we will delete it.

9. Changes

When this policy changes, the "Last updated" date above changes. Material changes will be highlighted at the top of the page for at least 30 days. The full revision history lives in the public site repository.