Privacy. The short version.
The product is a privacy tool, so we wrote a privacy policy that you can actually read. There are three places data shows up — the app on your machine, this website, and the payment processor. We say plainly what each one does.
JEP on your machine.
JEP makes one network call in its lifetime: a license check the first time you paste in a key. After that, it does not connect to anything. Lock and unlock operations are entirely local.
No network. Ever. Locking and unlocking happen entirely on your machine. Your PIN, your filenames, your file contents, your folder paths — none of it leaves the disk.
The first time you paste a license key into Settings, the app sends the key plus your machine's anonymous activation ID to our license server, receives a signed activation token, and stores it locally. This happens once. The app does not check in again — no periodic validation, no "phone home."
None. No usage analytics, no crash reports, no feature pings, no "anonymous metrics." If JEP crashes, we won't know unless you email us.
JEP stores a SQLite database (the manifest), an activation token, and your settings in your OS's application-support directory. The manifest contains your PIN in plain text — by design, so you can recover it. Nothing in this directory is uploaded anywhere.
justenoughprivacy.com.
The site uses Cloudflare's edge network for hosting and DNS, and Cloudflare Web Analytics for aggregate traffic data. No cookies are set. No third-party trackers are loaded.
We use Cloudflare Web Analytics, which is cookieless and does not fingerprint visitors. It records page views, referrer, country, and approximate response times — aggregated, not tied to a person. We use this to know whether the site is doing its job. Cloudflare's documentation covers exactly what's collected.
None. No advertising cookies, no analytics cookies, no preference cookies. This is why you didn't see a cookie banner.
The site loads Inter and IBM Plex Mono from Google Fonts. Your browser makes a request to fonts.googleapis.com and fonts.gstatic.com when the page renders. Google's privacy practices apply to those requests. We plan to self-host these fonts before launch to remove the dependency.
Cloudflare's edge keeps short-lived access logs (IPs, request paths, response codes) for abuse detection. We don't ingest or store these ourselves.
Gumroad handles your payment.
When you click Buy, you're redirected to Gumroad's checkout. They take your card details, process the charge, and email you a license key. We never see your payment information.
Your name, email, billing address (for tax purposes), and payment details. Gumroad processes the charge and remits sales tax / VAT where required. Their privacy policy covers what they do with that data.
Your email address, your order number, the platform you bought, and the date. That's it — we use this to associate your email with a license key, and to email you if there's a critical update (a security fix, a refund deadline, etc.). We do not send marketing email. We do not share this list.
When you paste your key into the app, our license server records the activation along with your email, the platform, and an anonymous installation ID. This is what enables the one-time check described above. We do not record IP addresses or machine fingerprints beyond what's needed to issue the activation token.
What you can ask us to do.
If you bought a license, we have your email. If you didn't, we have effectively nothing tied to you. The list below is short on purpose.
Tell us what we know. Or tell us to forget.
Email help@justenoughprivacy.com from the address you bought the license with. We'll send you the records we have (order, license key, activation history) and delete them on request. Note: deleting your activation record disables your installed copy of JEP, because the activation token can no longer be re-issued.
Canada, Ontario.
JEP is operated from Ontario, Canada. PIPEDA applies to our handling of personal information. If you're in the EU or UK, GDPR rights apply where relevant. If you're in California, your CCPA rights apply. The mechanism is the same: email us.
If this policy changes.
We'll update the "last updated" date at the top, and — if the change materially affects what we collect or what we do with it — email everyone who's bought a license. We won't change this policy quietly.