Privacy Policy

Last Updated: April 3, 2026

Gammal Software, Inc. ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website metadock.app and use the MetaDock desktop application.

1. Information We Collect

Personal Information You Provide

Email Address: When you subscribe to our mailing list, contact us for support, or create an account
Contact Information: Name (optional) when provided in contact forms
Payment Information: Processed by Stripe (we only store Stripe identifiers, not your credit card details)

Information Automatically Collected

Website Analytics: Via Microsoft Clarity (session recordings, heatmaps, click data). Clarity is loaded only after you accept analytics cookies.
Application License Data: Hashed hardware ID, license key, activation status
Application Telemetry: MetaDock periodically sends anonymized usage data to our servers to help us improve the product. This includes: app version, OS version, CPU architecture, and aggregate usage counts (number of browsers, workspaces, layouts, and profiles in use, and session uptime). Your machine is identified only by a one-way hardware hash. This data does not include any browsing activity, URLs, credentials, or personal information.

What We Do NOT Collect

✗ We do not collect or access your browsing history
✗ We do not collect websites you visit using MetaDock
✗ We do not collect bookmarks, passwords, or form data
✗ We do not collect wallet addresses, private keys, or cryptocurrency information
✗ Your workspace data and browser profiles remain LOCAL on your device

2. How We Collect Information

Directly from you: When you create an account, subscribe to our mailing list, contact support, or make a purchase.
Automatically: Through website analytics (Microsoft Clarity), application telemetry, and standard server logs when you visit our website or use our application.
From third parties: Payment confirmation from Stripe, affiliate referral tracking from partner links.
From your browser engine: Microsoft WebView2 (the browser engine in MetaDock) sends standard diagnostics and telemetry to Microsoft as part of its normal operation. See Section 11 for details.

Legal Basis for Processing (GDPR)

Contract performance: Account creation, license management, subscription processing, support.
Consent: Marketing emails, analytics cookies (Microsoft Clarity), affiliate tracking cookies.
Legitimate interest: Application telemetry for product improvement, fraud prevention, security.
Legal obligation: Tax records, compliance with applicable law.

3. How We Use Your Information

To Provide Services

• Process subscriptions
• Verify licenses
• Provide customer support
• Send transactional emails

To Improve Services

• Analyze website usage
• Fix bugs and errors
• Develop new features
• Understand user behavior

To Communicate

• Marketing emails (opt-in only)
• Newsletters (if subscribed)
• Support responses
• Service updates

Legal & Security

• Comply with legal obligations
• Enforce Terms & Conditions
• Protect against fraud
• Maintain business records

5. Third-Party Service Providers

Stripe

Payment Processing

Processes subscription payments securely. PCI-DSS Level 1 certified.

Location: United States • Privacy Policy

Mailjet

Sends transactional emails (license keys, receipts). You can unsubscribe from marketing emails anytime.

Location: France/EU • Privacy Policy

Vercel

Hosting

Hosts our website.

Location: Canada/US • Privacy Policy

Microsoft Clarity

Analytics (Consent Required)

Session recording, heatmaps, and interaction analytics to understand how visitors use our website. Loaded only after you accept analytics cookies via our consent banner.

Location: United States/Global • Privacy Policy

Sentry

Error Tracking

Captures crash reports and error data from the MetaDock desktop application to help us identify and fix bugs.

Location: United States • Privacy Policy

Microsoft WebView2

Browser Engine

Powers the MetaDock Application browser functionality. See Section 11 for details.

Location: Global • Privacy Policy

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your browsing experience and analyze website traffic.

Essential Cookies

Required for the website to function properly. These cannot be disabled.

• Session management
• Security and authentication
• Cookie consent preferences

Analytics Cookies (Optional - Requires Consent)

Help us understand how visitors use our website. Loaded only after you accept analytics cookies via our consent banner.

Microsoft Clarity: Session recordings, heatmaps, click patterns, scroll depth, and interaction data. Helps us understand how visitors navigate the site. Does not collect passwords or payment information.

You can accept or reject analytics cookies via the consent banner shown on your first visit. Your choice is stored in the analytics-consent cookie for 1 year.

Affiliate Tracking Cookie (Optional - Requires Consent)

When you arrive via an affiliate referral link, we ask your consent to set a cookie that credits the referring partner.

metadock_affiliate: Stores the affiliate partner code. Duration: 90 days. Set only if you accept via the affiliate consent banner.
affiliate-consent: Records your accept/reject decision. Duration: 1 year.

If you reject the affiliate cookie, the referral code is passed via URL parameters instead. The referring partner may receive a commission if you purchase a subscription.

Managing Cookies

You can control cookies through our cookie consent banner or your browser settings:

• Accept or reject analytics cookies via our consent banner
• Clear cookies through your browser settings
• Block cookies entirely (may affect website functionality)

Browser Cookie Controls:

• Chrome: Settings → Privacy and security → Cookies
• Firefox: Settings → Privacy & Security → Cookies
• Safari: Preferences → Privacy → Cookies
• Edge: Settings → Cookies and site permissions

7. Data Retention

Active Accounts

We retain your information while your account or subscription is active

Inactive Accounts

Retained for 7 years after closure for tax and legal compliance, then deleted

Mailing List

Until you unsubscribe (removed within 30 days)

Support Communications

Retained for 3 years, then deleted

8. Data Security

We implement reasonable technical and organizational measures to protect your personal information:

Encryption: All website traffic is encrypted via TLS/HTTPS. Payment processing is handled by Stripe (PCI-DSS Level 1 certified).
Password security: Account passwords are hashed using Argon2id. API keys are hashed using BLAKE2b.
Access control: API access is authenticated via bearer tokens with rate limiting and IP-based lockout after failed attempts.
Local data: Your workspaces, browser profiles, bookmarks, and browsing data are stored locally on your computer and are not transmitted to our servers.
Infrastructure: Our web infrastructure is hosted on Vercel (SOC 2 Type II certified) with servers in Canada and the United States.

No method of transmission or storage is completely secure. If we become aware of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities as required by law (including PIPEDA breach notification requirements and GDPR Article 33/34) within 72 hours of becoming aware of the breach.

9. Your Privacy Rights

📋

Access

Request a copy of your personal information

✏️

Correction

Request correction of inaccurate data

🗑️

Deletion

Request deletion of your data (subject to legal exceptions)

📧

Opt-Out

Unsubscribe from marketing emails anytime

🚫

Object

Object to certain uses of your information

📤

Portability

Get your data in a portable format

⏸

Restrict Processing

Request we limit how we use your data (GDPR Article 18)

To exercise any of these rights, contact:

[email protected]

We respond within 30 days

10. Age Restriction & Children's Privacy

18+ Requirement

MetaDock is intended for users 18 years of age or older. By using MetaDock, you represent that you are at least 18 years old. If you are under 18, you may not use MetaDock.

Children's Privacy

MetaDock is designed for adults and business use. We do not knowingly collect personal information from children.

• No Collection from Minors: We do not knowingly collect personal information from anyone under 18 years of age
• No Marketing to Minors: Our marketing materials and services are directed at adults
• Age Requirement: Users must be 18+ to use our services

Parental Notice

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at:

[email protected]

We will promptly investigate and delete any personal information belonging to users under the age of 18 from our systems.

11. Microsoft WebView2 Privacy Disclosure

Important Third-Party Disclosure

MetaDock uses Microsoft Edge WebView2 as its browser engine. WebView2 may send diagnostic and performance data to Microsoft, including crash reports, performance metrics, and feature usage statistics.

Important: Gammal Software, Inc. does NOT receive, access, or control the diagnostic data that WebView2 sends to Microsoft. This data is sent directly from your device to Microsoft's servers.

Microsoft's data collection is governed by Microsoft's Privacy Policy. You may have some control through Windows privacy settings.

12. Contact Us

Privacy Inquiries

[email protected]

General Support

[email protected]

Mailing Address

Gammal Software, Inc.
303D-2967 Dundas Street West
Toronto, Ontario M6P 1Z2
Canada

13. Privacy Rights for Specific Jurisdictions

🇨🇦 Canada (PIPEDA)

If you are a Canadian resident, you have specific rights under PIPEDA including:

• Right to access your personal information
• Right to correction of inaccurate data
• Right to withdraw consent
• Right to file a complaint with the Office of the Privacy Commissioner of Canada

Contact: www.priv.gc.ca • Phone: 1-800-282-1376

🇪🇺 European Union (GDPR)

If you are in the EEA, UK, or Switzerland, you have specific GDPR rights including:

• Right of access and rectification
• Right to erasure ("right to be forgotten")
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

For material changes to this policy, we will request your explicit consent.

🇺🇸 California (CCPA/CPRA)

If you are a California resident, you have specific CCPA rights including:

• Right to know what personal information we collect
• Right to delete your personal information
• Right to correct inaccurate information
• Right to opt-out of sale (we do NOT sell your data)
• Right to non-discrimination for exercising your rights

We do NOT sell your personal information to third parties.

ACKNOWLEDGMENT

BY USING OUR WEBSITE OR APPLICATION, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO OUR COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED HEREIN.

Download full text version

Privacy Policy

Last Updated: April 3, 2026

1. Information We Collect

Personal Information You Provide

Email Address: When you subscribe to our mailing list, contact us for support, or create an account
Contact Information: Name (optional) when provided in contact forms
Payment Information: Processed by Stripe (we only store Stripe identifiers, not your credit card details)

Information Automatically Collected

Website Analytics: Via Microsoft Clarity (session recordings, heatmaps, click data). Clarity is loaded only after you accept analytics cookies.
Application License Data: Hashed hardware ID, license key, activation status
Application Telemetry: MetaDock periodically sends anonymized usage data to our servers to help us improve the product. This includes: app version, OS version, CPU architecture, and aggregate usage counts (number of browsers, workspaces, layouts, and profiles in use, and session uptime). Your machine is identified only by a one-way hardware hash. This data does not include any browsing activity, URLs, credentials, or personal information.

What We Do NOT Collect

✗ We do not collect or access your browsing history
✗ We do not collect websites you visit using MetaDock
✗ We do not collect bookmarks, passwords, or form data
✗ We do not collect wallet addresses, private keys, or cryptocurrency information
✗ Your workspace data and browser profiles remain LOCAL on your device

2. How We Collect Information

Directly from you: When you create an account, subscribe to our mailing list, contact support, or make a purchase.
Automatically: Through website analytics (Microsoft Clarity), application telemetry, and standard server logs when you visit our website or use our application.
From third parties: Payment confirmation from Stripe, affiliate referral tracking from partner links.
From your browser engine: Microsoft WebView2 (the browser engine in MetaDock) sends standard diagnostics and telemetry to Microsoft as part of its normal operation. See Section 11 for details.

Legal Basis for Processing (GDPR)

Contract performance: Account creation, license management, subscription processing, support.
Consent: Marketing emails, analytics cookies (Microsoft Clarity), affiliate tracking cookies.
Legitimate interest: Application telemetry for product improvement, fraud prevention, security.
Legal obligation: Tax records, compliance with applicable law.

3. How We Use Your Information

To Provide Services

• Process subscriptions
• Verify licenses
• Provide customer support
• Send transactional emails

To Improve Services

• Analyze website usage
• Fix bugs and errors
• Develop new features
• Understand user behavior

To Communicate

• Marketing emails (opt-in only)
• Newsletters (if subscribed)
• Support responses
• Service updates

Legal & Security

• Comply with legal obligations
• Enforce Terms & Conditions
• Protect against fraud
• Maintain business records

5. Third-Party Service Providers

Stripe

Payment Processing

Processes subscription payments securely. PCI-DSS Level 1 certified.

Location: United States • Privacy Policy

Mailjet

Sends transactional emails (license keys, receipts). You can unsubscribe from marketing emails anytime.

Location: France/EU • Privacy Policy

Vercel

Hosting

Hosts our website.

Location: Canada/US • Privacy Policy

Microsoft Clarity

Analytics (Consent Required)

Session recording, heatmaps, and interaction analytics to understand how visitors use our website. Loaded only after you accept analytics cookies via our consent banner.

Location: United States/Global • Privacy Policy

Sentry

Error Tracking

Captures crash reports and error data from the MetaDock desktop application to help us identify and fix bugs.

Location: United States • Privacy Policy

Microsoft WebView2

Browser Engine

Powers the MetaDock Application browser functionality. See Section 11 for details.

Location: Global • Privacy Policy

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your browsing experience and analyze website traffic.

Essential Cookies

Required for the website to function properly. These cannot be disabled.

• Session management
• Security and authentication
• Cookie consent preferences

Analytics Cookies (Optional - Requires Consent)

Help us understand how visitors use our website. Loaded only after you accept analytics cookies via our consent banner.

Microsoft Clarity: Session recordings, heatmaps, click patterns, scroll depth, and interaction data. Helps us understand how visitors navigate the site. Does not collect passwords or payment information.

You can accept or reject analytics cookies via the consent banner shown on your first visit. Your choice is stored in the analytics-consent cookie for 1 year.

Affiliate Tracking Cookie (Optional - Requires Consent)

When you arrive via an affiliate referral link, we ask your consent to set a cookie that credits the referring partner.

metadock_affiliate: Stores the affiliate partner code. Duration: 90 days. Set only if you accept via the affiliate consent banner.
affiliate-consent: Records your accept/reject decision. Duration: 1 year.

If you reject the affiliate cookie, the referral code is passed via URL parameters instead. The referring partner may receive a commission if you purchase a subscription.

Managing Cookies

You can control cookies through our cookie consent banner or your browser settings:

• Accept or reject analytics cookies via our consent banner
• Clear cookies through your browser settings
• Block cookies entirely (may affect website functionality)

Browser Cookie Controls:

• Chrome: Settings → Privacy and security → Cookies
• Firefox: Settings → Privacy & Security → Cookies
• Safari: Preferences → Privacy → Cookies
• Edge: Settings → Cookies and site permissions

7. Data Retention

Active Accounts

We retain your information while your account or subscription is active

Inactive Accounts

Retained for 7 years after closure for tax and legal compliance, then deleted

Mailing List

Until you unsubscribe (removed within 30 days)

Support Communications

Retained for 3 years, then deleted

8. Data Security

We implement reasonable technical and organizational measures to protect your personal information:

Encryption: All website traffic is encrypted via TLS/HTTPS. Payment processing is handled by Stripe (PCI-DSS Level 1 certified).
Password security: Account passwords are hashed using Argon2id. API keys are hashed using BLAKE2b.
Access control: API access is authenticated via bearer tokens with rate limiting and IP-based lockout after failed attempts.
Local data: Your workspaces, browser profiles, bookmarks, and browsing data are stored locally on your computer and are not transmitted to our servers.
Infrastructure: Our web infrastructure is hosted on Vercel (SOC 2 Type II certified) with servers in Canada and the United States.

9. Your Privacy Rights

📋

Access

Request a copy of your personal information

✏️

Correction

Request correction of inaccurate data

🗑️

Deletion

Request deletion of your data (subject to legal exceptions)

📧

Opt-Out

Unsubscribe from marketing emails anytime

🚫

Object

Object to certain uses of your information

📤

Portability

Get your data in a portable format

⏸

Restrict Processing

Request we limit how we use your data (GDPR Article 18)

To exercise any of these rights, contact:

[email protected]

We respond within 30 days

10. Age Restriction & Children's Privacy

18+ Requirement

MetaDock is intended for users 18 years of age or older. By using MetaDock, you represent that you are at least 18 years old. If you are under 18, you may not use MetaDock.

Children's Privacy

MetaDock is designed for adults and business use. We do not knowingly collect personal information from children.

• No Collection from Minors: We do not knowingly collect personal information from anyone under 18 years of age
• No Marketing to Minors: Our marketing materials and services are directed at adults
• Age Requirement: Users must be 18+ to use our services

Parental Notice

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at:

[email protected]

We will promptly investigate and delete any personal information belonging to users under the age of 18 from our systems.

11. Microsoft WebView2 Privacy Disclosure

Important Third-Party Disclosure

Important: Gammal Software, Inc. does NOT receive, access, or control the diagnostic data that WebView2 sends to Microsoft. This data is sent directly from your device to Microsoft's servers.

Microsoft's data collection is governed by Microsoft's Privacy Policy. You may have some control through Windows privacy settings.

12. Contact Us

Privacy Inquiries

[email protected]

General Support

[email protected]

Mailing Address

Gammal Software, Inc.
303D-2967 Dundas Street West
Toronto, Ontario M6P 1Z2
Canada

13. Privacy Rights for Specific Jurisdictions

🇨🇦 Canada (PIPEDA)

If you are a Canadian resident, you have specific rights under PIPEDA including:

• Right to access your personal information
• Right to correction of inaccurate data
• Right to withdraw consent
• Right to file a complaint with the Office of the Privacy Commissioner of Canada

Contact: www.priv.gc.ca • Phone: 1-800-282-1376

🇪🇺 European Union (GDPR)

If you are in the EEA, UK, or Switzerland, you have specific GDPR rights including:

• Right of access and rectification
• Right to erasure ("right to be forgotten")
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

For material changes to this policy, we will request your explicit consent.

🇺🇸 California (CCPA/CPRA)

If you are a California resident, you have specific CCPA rights including:

• Right to know what personal information we collect
• Right to delete your personal information
• Right to correct inaccurate information
• Right to opt-out of sale (we do NOT sell your data)
• Right to non-discrimination for exercising your rights

We do NOT sell your personal information to third parties.

ACKNOWLEDGMENT

Download full text version

Privacy Policy

Table of Contents

1. Information We Collect

Personal Information You Provide

Information Automatically Collected

2. How We Collect Information

3. How We Use Your Information

4. How We Share Your Information

5. Third-Party Service Providers

Stripe

Mailjet

Vercel

Microsoft Clarity

Sentry

Microsoft WebView2

6. Cookies and Tracking Technologies

Essential Cookies

Analytics Cookies (Optional - Requires Consent)

Affiliate Tracking Cookie (Optional - Requires Consent)

7. Data Retention

8. Data Security

9. Your Privacy Rights

10. Age Restriction & Children's Privacy

Children's Privacy

Parental Notice

11. Microsoft WebView2 Privacy Disclosure

12. Contact Us

13. Privacy Rights for Specific Jurisdictions

🇨🇦 Canada (PIPEDA)

🇪🇺 European Union (GDPR)

🇺🇸 California (CCPA/CPRA)

Privacy Policy

Table of Contents

1. Information We Collect

Personal Information You Provide

Information Automatically Collected

2. How We Collect Information

3. How We Use Your Information

4. How We Share Your Information

5. Third-Party Service Providers

Stripe

Mailjet

Vercel

Microsoft Clarity

Sentry

Microsoft WebView2

6. Cookies and Tracking Technologies

Essential Cookies

Analytics Cookies (Optional - Requires Consent)

Affiliate Tracking Cookie (Optional - Requires Consent)

7. Data Retention

8. Data Security

9. Your Privacy Rights

10. Age Restriction & Children's Privacy

Children's Privacy

Parental Notice

11. Microsoft WebView2 Privacy Disclosure

12. Contact Us

13. Privacy Rights for Specific Jurisdictions

🇨🇦 Canada (PIPEDA)

🇪🇺 European Union (GDPR)

🇺🇸 California (CCPA/CPRA)