Privacy Policy

Last updated: May 19, 2026

1. Introduction

This Privacy Policy describes how Cody Yeager / Show Tools ("we," "us," "our") collects, uses, and protects your personal information in connection with the ATTACCA website (attacca.co) and the ATTACCA desktop application. We are committed to protecting your privacy and handling your data responsibly.

2. Information We Collect

Information you provide directly

  • Email address (when purchasing a license, signing up for beta access, or contacting support)
  • Name (when creating an account or submitting a contact form)
  • Payment information (processed entirely by Paddle — we never see, receive, or store your credit card number, bank details, or full billing address)
  • License key and activation data

Information collected automatically by the website

  • Standard web traffic data: page views, referral source, browser type, device type, country/region
  • Essential cookies for website functionality (session management, preferences)
  • Cloudflare, our hosting provider, may collect standard web traffic and security data per their privacy policy (cloudflare.com/privacypolicy)

Information collected by the ATTACCA desktop application

  • License validation requests sent to Keygen.sh, containing: your license key and a machine fingerprint (a one-way hash derived from your hardware that cannot be used to identify your specific components)
  • The application does NOT collect telemetry, usage analytics, or behavioral data
  • The application does NOT access, upload, or transmit your show files, cue lists, scripts, media files, or any user-created content
  • Crash logs are generated locally on your machine if the application encounters an error. These logs are NOT automatically transmitted to us. You may choose to share them when contacting support.
  • The application connects to the internet only for: license validation (Keygen.sh), update checks, and the Web Remote feature (local network only)

Information collected by Paddle (payment processor)

  • Paddle acts as the Merchant of Record for all purchases. When you make a purchase, Paddle collects your name, email address, billing address, and payment method.
  • Paddle's privacy policy: paddle.com/privacy
  • From Paddle, we receive only: your email address, transaction ID, license tier purchased, and subscription status. We do NOT receive your credit card number, bank details, or full billing address.

Information collected by Keygen (license management)

  • Keygen.sh manages license activation and validation. Keygen receives your license key, machine fingerprint, and activation timestamps.
  • Machine fingerprints are one-way hashes — they cannot be reversed to identify your hardware.
  • Keygen's privacy policy: keygen.sh/privacy

3. How We Use Your Information

  • To provide, activate, and validate your ATTACCA license
  • To process payments and manage subscriptions (via Paddle)
  • To prevent unauthorized use of the Software (via Keygen)
  • To provide customer support when you contact us
  • To send important product updates, security notifications, or service announcements (infrequent — we do not send marketing emails unless you opt in)
  • To improve the website experience through aggregated, non-identifying analytics

We do NOT sell, rent, trade, or share your personal information with third parties for their marketing purposes. Ever.

4. Data Storage and Security

  • Website data is hosted on Cloudflare (global CDN, US-headquartered)
  • Payment data is processed and stored by Paddle (EU-headquartered, GDPR compliant)
  • License data is managed by Keygen.sh (SOC 2 Type II certified)
  • We use industry-standard security measures including encryption in transit (TLS/SSL) for all data transmission
  • No user-created content from the ATTACCA application is stored on our servers or any third-party servers

5. Data Retention

  • Account and license data: retained for as long as your license is active, plus 12 months after expiration or cancellation, after which it is deleted
  • Payment records: retained as required by applicable tax law (typically 7 years), managed by Paddle
  • Support correspondence: retained for up to 24 months
  • Crash logs: stored locally on your machine — you control their retention and deletion

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right to access: Request a copy of the personal data we hold about you
  • Right to correction: Request correction of inaccurate or incomplete data
  • Right to deletion: Request deletion of your personal data ("right to be forgotten")
  • Right to portability: Request your data in a portable, machine-readable format
  • Right to restrict processing: Request that we limit how we use your data
  • Right to opt out: Opt out of marketing communications at any time

For California residents (CCPA): You have the right to know what personal information is collected, to request its deletion, and to opt out of its sale. We do not sell personal information.

For EU/EEA residents (GDPR): Our legal basis for processing your data is contractual necessity (to provide the software and services you purchased) and legitimate interest (to improve our services and prevent fraud).

To exercise any of these rights, email [email protected]. We will respond within 30 days.

7. Cookies

The ATTACCA website uses only essential cookies required for basic site functionality (such as session management). We do not use advertising, tracking, or third-party marketing cookies.

Cloudflare may set security-related cookies to protect the site from malicious traffic. See Cloudflare's cookie policy for details.

If we implement analytics in the future, we will update this policy and provide clear opt-out options before any tracking cookies are set.

8. Children's Privacy

ATTACCA is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].

9. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure that appropriate safeguards are in place for all international data transfers. Paddle is EU-headquartered and GDPR compliant. Keygen.sh is SOC 2 Type II certified. Cloudflare maintains data processing agreements and standard contractual clauses for international transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via the website or by email to registered users. The "Last updated" date at the top of this page will be revised with each update. Continued use of the Software or website after changes constitutes acceptance of the revised policy.

11. Contact

For privacy questions, data requests, or concerns, contact us at [email protected].