Privacy Policy
CoreGuard is built to keep everything on your Mac. The app itself collects nothing and makes no network connections; the only personal data we hold is the little we need, as the app provider, to deliver and support a license you buy. This policy explains both.
The app collects nothing
- No network. The CoreGuard app makes no network connections of any kind — no telemetry,
no analytics, no crash reporting, no “phone home.” (Internally verified: no
URLSession/sockets/HTTP in the app code. Its third-party components are local-only and make no network connections: GRDB is the local SQLite library used for the history database, and the bundledsmartctl/smartmontools is invoked as a separate local subprocess to read SMART data.) You can verify this yourself at runtime with a network monitor (e.g. Little Snitch) orlsof -i -nP | grep CoreGuard— you’ll see zero connections. - No account, no cloud, no sync. No sign-in, no iCloud/CloudKit.
- No tracking, advertising, or profiling. We do not build a profile of you and have no third-party trackers in the app.
What stays on your Mac (local only)
- Live metrics (CPU / RAM / GPU / temperatures / fans) are read on demand and kept in memory.
- History — a per-minute rollup (CPU %, RAM %, hottest temperature) in a local SQLite
database at
~/Library/Application Support/CoreGuard/history.sqlite(owner-only,700), kept for the retention window you choose (default 365 days; “Forever” keeps everything). - Settings and license in your local user defaults.
- Audit log of impactful actions — a local file in that same folder.
Nothing in that folder or your user defaults is transmitted anywhere by the app.
Permissions the app requests
- Notifications — only if you turn on threshold alerts (opt-in).
- Camera & microphone — only if you open the optional Buyer’s test and start the camera/mic check; a live preview/level meter is shown so you can confirm the hardware works. Nothing is recorded, saved, or transmitted.
The website & checkout (cookies & analytics)
This Privacy Policy’s “collects nothing” promise is about the app. The website is separate:
- We run the marketing site with no advertising trackers and no cookie-based or cross-site tracking. We do not load third-party analytics or advertising scripts on our own pages — the only third-party code we load is the checkout SDK from our merchant of record, and only on the pages where you buy.
- How we measure traffic. The site is delivered through Cloudflare,
our CDN and security provider. Because our content-security policy allows only first-party scripts, even
Cloudflare’s own Web Analytics beacon (which would load from
static.cloudflareinsights.com) is blocked and does not run in your browser. The only traffic measurement is Cloudflare’s aggregate, server-side request statistics (for example request counts, country, and response status), inherent to routing a site through a CDN — this is not based on cookies, runs no script in your browser, and is not used to profile you or track you across sites. See Cloudflare’s privacy policy. Cloudflare may also instruct your browser, through standard response headers, to report failed network requests (for example DNS, TLS, or connection errors) to its network-error-logging endpoint; these reports carry no cookie and no page content, fire only when a request fails, and are used solely for delivery and security diagnostics — not advertising or cross-site profiling. - The checkout is operated by our merchant of record (Paddle) and may set cookies it needs to process your payment and prevent fraud, governed by their privacy/cookie policy (Paddle Privacy Policy).
Purchases (the store)
When you buy CoreGuard Pro, the purchase is handled by our merchant of record (Paddle), who processes your payment and is the seller of record. We never receive or store your payment-card details. The merchant of record collects the billing information needed to complete the sale and comply with tax law under their privacy policy (Paddle Privacy Policy). We receive only what’s needed to issue and support your license — your email and order ID; see License issuance and delivery below for exactly what we keep and for how long.
License issuance and delivery
When you buy a license, we (the app provider — not the merchant of record) keep a minimal record so we can deliver your key and help you recover it later: your order ID, the email you used at checkout, and the license key we issue for you (so we can e-mail it and re-send it if you lose it). We use this only to issue, deliver, re-send, and support your license and to handle refunds — the lawful basis is performance of our contract with you. We keep it for as long as your license is supported (so we can re-send a lost key), plus any period we are legally required to retain sale records for tax and accounting; you can ask us to erase it — subject to those retention duties — by emailing support@coreguard.app. We never store your payment-card details — those stay with our merchant of record.
Email / support
If you email us for support, we use your message and email address only to help you, and we don’t add you to any marketing list without your consent.
Launch list. If you ask us to notify you at launch (the “get notified” form), we store the email address you submit — plus, at most, which plan and where on the site you signed up from, and the signup date — on our own server, and nothing else. We use it for one thing: to email you once, when CoreGuard is available. No newsletter, no drip; we never share or sell it, and we delete it on request — email support@coreguard.app.
Your rights
Because the app collects no personal data, there is little to access, correct, or delete on our side. The main personal data that exists is what you give us by email (support), the license-issuance record we keep (your order ID, checkout email, and the license key — see License issuance and delivery), and the purchase/billing data held by our merchant of record.
- EU / UK (GDPR / UK GDPR). You have the right to access, rectify, erase, restrict, or object to processing of your personal data, and to data portability. The lawful bases we rely on are performance of a contract (issuing and supporting your license) and our legitimate interest in answering support requests. You may lodge a complaint with your local supervisory authority. To exercise these rights, email support@coreguard.app; for billing data, the merchant of record is the relevant controller/processor and we will help you reach them.
- California (CCPA/CPRA). We do not sell or “share” your personal information and do not use it for cross-context behavioral advertising. You may request access to or deletion of the limited personal information we hold (your support email and your order ID, checkout email, and license key from a purchase) by emailing support@coreguard.app.
- Identity verification: to protect you, we may need to confirm you are the person who made the purchase before acting on a request (e.g. by matching the order email).
Children
The CoreGuard app is not directed to children and collects no data from anyone. (The limited support and purchase data described above is the only personal data involved at all.)
Changes
We may update this policy; material changes will be posted on this page with a new effective date.