Privacy

What we store, what we don't, and how to take everything back.

What stays on your Mac

Files you create with abroo apps live on your device. We don't read them, sync them, or copy them to any server. If your Mac is off, abroo can't see them.

What we store on a server

  • Email: to send your sign-in code and account receipts.
  • Purchase records: what you bought, when, and for how much. Required for refunds and tax.
  • License keys: to verify which apps you own.
  • Active sessions: to keep you signed in across Macs.

Nothing else. No analytics, no behavioral telemetry, no third-party SDKs.

Payments

Card processing runs through Paddle (PCI DSS Level 1). abroo never touches your card number. We see only the last four digits, expiry, and brand.

Who processes your data

These vendors process data as processors on our behalf, under data-processing agreements (GDPR Art. 28):

  • Supabase: account sign-in (email code) and optional cloud sync. DPA.
  • Resend: delivery of sign-in and receipt emails.

Paddle (Paddle.com Market Ltd.) acts as the Merchant of Record and seller of record for your purchase. For payment and billing, Paddle is an independent data controller under its own Privacy Notice and Buyer Terms — not a processor acting on our behalf.

Your data may be processed outside Korea — by Supabase in Tokyo (Japan) and by Paddle in the UK, EU, and US — to provide sign-in, sync, and payment. We keep account data until you delete your account; purchase records are retained up to 5 years where Korean tax and e-commerce law requires, then deleted. We don't sell your data, and we don't share it with anyone outside these providers.

Your rights

You can export or delete everything we have at any time — just email abroo@abroo.io and we'll take care of it. Deletion is permanent.

If you're in California, you can request access to or deletion of your data any time by emailing abroo@abroo.io. We don't sell your data.

Cookies

The site sets no advertising or analytics cookies. When you open checkout, Paddle sets cookies strictly necessary to process payment and prevent fraud. Your browser also keeps app state locally (localStorage) on your device, and that never leaves it.

Legal basis & California

For users in the EU, EEA, and UK, we process data to perform our contract with you (account, purchases, and optional sync) and on our legitimate interest in operating and securing the service (GDPR Art. 6(1)(b) and (f)). For California residents (CCPA/CPRA), we do not sell or share your personal information, we honor Global Privacy Control signals, and you may request access or deletion as above.

Operator

Broo, a sole proprietorship registered in South Korea. See /business for the registration number, address, and EU representative.

Updated 2026.06.01. This policy applies to all abroo products and subscriptions.