Last Updated: June 27, 2026
Gammal Software, Inc. ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website metadock.app and use the MetaDock desktop application.
lib/legal-content.ts):Correlation: Hashed hardware ID (de-duplication only), never directly to email, name, or other identifying fields. You can disable telemetry in Settings > Privacy & Security > "Anonymous Usage Telemetry".
Not collected via telemetry:
What We Do NOT Collect
Legal Basis for Processing (GDPR)
To Provide Services
To Improve Services
To Communicate
Legal & Security
The list below is the canonical source of truth for our subprocessors. It is rendered from lib/legal-content.ts and is identical to the subprocessor table in our DPA and to /docs/privacy-policy.txt §5.
Subscription payment processing
Location: United States & global • Privacy Policy
Transactional and marketing email (subscription receipts, license keys, optional newsletter)
Location: France / European Union • Privacy Policy
Website analytics: session replays, heatmaps, click maps on metadock.app (loaded only after analytics-cookie consent)
Location: United States, with global Microsoft infrastructure • Privacy Policy
Browser engine inside the MetaDock desktop application; sends standard Edge diagnostics directly to Microsoft
Location: Global Microsoft infrastructure • Privacy Policy
Application crash and error diagnostics (stack traces, application version, OS, hashed hardware ID); retained ~90 days
Location: United States • Privacy Policy
Active Accounts
We retain your information while your account or subscription is active
Inactive Accounts
Retained for 7 years after closure for tax and legal compliance, then deleted
Mailing List
Until you unsubscribe (removed within 10 business days, per CASL)
Support Communications
Retained for 3 years, then deleted
We implement reasonable technical and organizational measures to protect your personal information:
No method of transmission or storage is completely secure. If we become aware of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities as required by law. Where GDPR Article 33 applies, we notify the competent supervisory authority within 72 hours of becoming aware of a breach; under PIPEDA, we report breaches that pose a real risk of significant harm to the Office of the Privacy Commissioner of Canada and to affected individuals as soon as feasible.
Access
Request a copy of your personal information
Correction
Request correction of inaccurate data
Deletion
Request deletion of your data (subject to legal exceptions)
Opt-Out
Unsubscribe from marketing emails anytime
Object
Object to certain uses of your information
Portability
Get your data in a portable format
Restrict Processing
Request we limit how we use your data (GDPR Article 18)
18+ Requirement
MetaDock is intended for users 18 years of age or older. By using MetaDock, you represent that you are at least 18 years old. If you are under 18, you may not use MetaDock.
MetaDock is designed for adults and business use. We do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at:
We will promptly investigate and delete any personal information belonging to users under the age of 18 from our systems.
Important Third-Party Disclosure
MetaDock uses Microsoft Edge WebView2 as its browser engine. WebView2 may send diagnostic and performance data to Microsoft, including crash reports, performance metrics, and feature usage statistics.
Important: Gammal Software, Inc. does NOT receive, access, or control the diagnostic data that WebView2 sends to Microsoft. This data is sent directly from your device to Microsoft's servers.
Microsoft's data collection is governed by Microsoft's Privacy Policy. You may have some control through Windows privacy settings.
Person in charge of personal information protection (Quebec Law 25 / Privacy Officer)
Gammal Software, Inc. has designated a Privacy Officer responsible for compliance with applicable privacy laws — including Quebec's Act respecting the protection of personal information in the private sector(as amended by Law 25), Canada's PIPEDA, the EU GDPR, and the California CCPA/CPRA. The Privacy Officer is the point of contact for any question, complaint, or request to exercise your rights.
Daniel Gammal, Privacy Officer
Email: [email protected]
Mail: Daniel Gammal (Privacy Officer), Gammal Software, Inc., 303D-2967 Dundas Street West, Toronto, Ontario M6P 1Z2, Canada
Privacy Inquiries
General Support
Mailing Address & Telephone
Gammal Software, Inc.
303D-2967 Dundas Street West
Toronto, Ontario M6P 1Z2
Canada
Telephone: +1 (647) 547-6803
If you are a Canadian resident, you have specific rights under PIPEDA including:
Contact: www.priv.gc.ca • Phone: 1-800-282-1376
Quebec availability. MetaDock is not currently offered for sale to Quebec residents while we finalize French-language agreements and a Law 25 cross-border transfer assessment. The provisions in this section describe the protections we are putting in place and intend to honour; they reflect our intended compliance posture rather than a representation that every Law 25 obligation is fully operational today.
If you reside in Quebec, you have additional rights under Quebec's Act respecting the protection of personal information in the private sector, as amended by Law 25 (formerly Bill 64), in addition to your federal PIPEDA rights:
Cross-border transfers
Some of our service providers store or process personal information outside Quebec — primarily in the United States and the European Union. Before transferring personal information outside Quebec, we assess whether the receiving jurisdiction provides protection equivalent to that offered under Quebec law, and we rely on contractual safeguards (Standard Contractual Clauses or equivalent) where necessary. The third-party processors involved are listed in Section 5 above.
Risks associated with US-routed transfers. Personal information processed in the United States (Stripe, Microsoft Clarity, Microsoft for WebView2 diagnostics) may be subject to access by US government authorities under US law, including the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) and Section 702 of the Foreign Intelligence Surveillance Act (FISA 702). These laws can compel a US-based service provider to disclose data without notice to the data subject, regardless of where the data is physically stored. Mailjet (France/EU) is not subject to those US laws but may receive requests under EU member-state laws or mutual legal assistance treaties. We disclose this so you can make an informed decision; if these risks are unacceptable for your use case, please do not provide personal information to us.
Automated decision-making
We do not currently use automated decision-making (including profiling that produces legal or significant effects) on personal information of Quebec residents. If that changes, we will update this Privacy Policy and notify affected users.
Person in charge of personal information protection
Our Privacy Officer is responsible for ensuring compliance with Quebec Law 25 and is your point of contact for any privacy-related question, complaint, or request. See Section 12 for contact details.
Commission d'accès à l'information: www.cai.gouv.qc.ca
If you are in the EEA, UK, or Switzerland, you have specific GDPR rights including:
Transfers outside the EEA
Personal information processed by our US-based providers (Stripe, Microsoft Clarity, Microsoft for WebView2 diagnostics) is transferred to the United States. The US is not the subject of a current EU adequacy decision; we rely on Standard Contractual Clauses with those providers as the transfer mechanism (GDPR Art. 46(2)(c)). Per the Schrems II judgment (CJEU C-311/18), US surveillance laws including the CLOUD Act and FISA Section 702 may compel disclosure of data without notice to the data subject, regardless of where the data is physically stored. Mailjet (France) processes email in the EU and is not subject to those US laws. We surface this risk so you can decide whether to provide personal information to us; you may also exercise the rights above to limit or terminate that processing.
For material changes to this policy, we will request your explicit consent.
If you are a California resident, you have specific CCPA/CPRA rights including:
We do NOT sell your personal information to third parties for money.
"Sale" and "sharing" are defined broadly under the CCPA/CPRA. Some analytics activities we perform may fall within those definitions (see Section 4). You can opt out at any time by rejecting our analytics consent banner, clearing cookies, or emailing [email protected]. We do not transfer your identity to advertisers or data brokers.
ACKNOWLEDGMENT
BY USING OUR WEBSITE OR APPLICATION, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY. WHERE THE LAW REQUIRES CONSENT — FOR EXAMPLE, ANALYTICS COOKIES OR MARKETING EMAILS — WE OBTAIN IT SEPARATELY THROUGH A CLEAR OPT-IN, NOT THROUGH YOUR USE OF THE SITE ALONE.
Copyright © 2026 Gammal Software, Inc. All rights reserved.