Privacy Policy - Cate by Blue Ghost

Plain-language summary: We collect only what we need to sell and manage your software license. The application runs entirely on your device. We have no ability to access, view, or collect any data, files, or content you work with inside the application.

1. Introduction

Blue Ghost, LLC ("Company," "we," "our," or "us") develops and distributes Cate, a desktop application distributed as a downloadable installer for Windows, Linux, and macOS (the "Application"). This Privacy Policy explains what information we collect, how we collect it, why we use it, and your rights regarding that information.

This policy applies to information collected through our license purchase portal at blueghost.ai and through the Application itself. It does not apply to third-party services you may use alongside the Application.

By purchasing a license or installing the Application, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not install or use the Application.

2. How the Application Works

Understanding our privacy practices requires a brief explanation of how the Application is designed.

Cate is a locally installed desktop application built on the Electron framework. Once installed, it runs directly on your computer. All processing, file handling, and application functionality occurs on your local device. The Application does not upload, stream, or otherwise transmit your work data to our servers or any third-party servers.

We have no ability to access the data you work with in the Application. We do not want it, we do not receive it, and we have designed the Application so that it is never sent to us.

The only outbound network connections the Application makes are:

License validation requests to our licensing server, to verify your license key is active.

These connections are described in detail in Section 4.

3. Information We Collect

3.1 Purchase and Account Data

When you purchase a license through our portal, we collect the following information:

Full name and email address;
Company or organization name (if provided);
Billing name and billing address;
License key(s) issued to your account;
License tier, purchase date, renewal date, and license status;
Number of activated devices and activation timestamps.

3.2 Payment Data

All payment transactions are processed by a third-party payment processor Lemon Squeezy (https://www.lemonsqueezy.com). We do not receive or store full payment card numbers. The payment-related data retained in our systems is limited to:

Transaction ID and purchase amount;
Payment method type (e.g., card brand — not full card number);
Renewal and refund history.

Your full card details are handled entirely by our payment processor and are governed by their privacy policy and PCI-DSS security certification. We encourage you to review their privacy policy at https://www.lemonsqueezy.com/privacy.

3.3 License Validation Data

Each time the Application starts, it sends a license validation request to our licensing vendor (Lemon Squeezy) to confirm your license is valid and active. We encourage you to review their privacy policy at https://www.lemonsqueezy.com/privacy.

3.4 Crash Reports (Optional)

If enabled, the Application automatically submits a crash report when it encounters an unhandled error. Crash reports contain:

A stack trace identifying the code location of the error;
Application version, operating system type and version, and available system memory;
A random session identifier (not linked to your account).

Crash reports do not contain your name, email address, license key, or any data from files you have open. You can disable crash reporting at any time in the Application's Settings menu. If disabled, crashes will still be logged locally on your device but will not be transmitted to us.

3.5 Support Communications

If you contact us for support, we collect:

Your name and email address;
The content of your support request;
Any log files, screenshots, or other attachments you voluntarily provide.

Please do not include sensitive personal data or confidential business information in support requests unless it is directly necessary to diagnose your issue.

3.6 Information We Do NOT Collect

We do not collect, access, or process: the contents of any files you open or create in the Application; any keystrokes, clipboard contents, or screen activity; your browsing history or activity in other applications; your location; or any usage analytics or in-app behavioral data.

4. How We Use Your Information

We use the information described above for the following specific purposes:

License issuance and management: To generate, activate, validate, transfer, and renew your license key(s).
Payment processing: To complete your purchase, manage subscription billing, and process refunds.
Customer support: To respond to your questions and resolve technical issues you report.
License enforcement: To detect unauthorized sharing or misuse of license keys and enforce per-seat limits using device fingerprints.
Security and fraud prevention: To identify and block fraudulent purchases, chargebacks, and attempts to circumvent license controls.
Software stability: To use anonymized crash reports to identify and fix bugs in the Application.
Transactional communications: To send license confirmation, activation instructions, renewal reminders, and important product notices. We do not send promotional email without your separate opt-in.
Legal compliance: To comply with applicable laws, tax obligations, and lawful government requests.

5. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, our legal bases for processing your personal data are:

Contractual necessity (Article 6(1)(b) GDPR): Processing required to deliver your license and enable the Application to function.
Legitimate interests (Article 6(1)(f) GDPR): License enforcement, fraud prevention, and crash reporting to maintain Application stability.
Legal obligation (Article 6(1)(c) GDPR): Tax records, financial compliance, and responding to lawful government requests.
Consent (Article 6(1)(a) GDPR): Crash reporting (opt-in/opt-out controlled in Settings) and any optional marketing communications.

6. Sharing and Disclosure

6.1 Service Providers

We share data with a small number of third-party service providers acting on our behalf. These providers are contractually prohibited from using your data for any purpose other than providing the service we have engaged them for. Current categories include:

Payment processor — to handle purchase transactions and subscription billing;
Cloud hosting provider — to host our license management portal and database;
Email delivery service — to send transactional emails (license confirmations, renewal notices);
Crash reporting service — to receive and store anonymized diagnostic reports;
Customer support platform — to manage support ticket communications.

6.2 Legal Requirements

We may disclose your information if required by law or in good-faith belief that disclosure is necessary to: (a) comply with a legal obligation or valid legal process; (b) protect our rights or property; (c) investigate or prevent fraud or security incidents; or (d) protect the safety of our users or the public.

6.3 Business Transfers

In the event of a merger, acquisition, or asset sale, your data may be transferred as part of that transaction. We will provide reasonable notice before your data becomes subject to a materially different privacy policy.

6.4 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for their commercial purposes.

7. Data Retention

We retain your information only as long as necessary for the purposes described in this policy or as required by law:

License and account data: Retained for the life of your license and for seven (7) years thereafter, as required for tax and financial record-keeping.
Payment records: Retained for seven (7) years in accordance with applicable financial regulations.
Crash reports: Retained for up to twelve (12) months, after which they are deleted or permanently anonymized.
Support communications: Retained for three (3) years after your last contact.

When data is no longer required, we securely delete or anonymize it.

8. Data Security

We take reasonable technical and organizational measures to protect the personal data we hold:

All data transmitted between the Application and our servers (license validation, crash reports) is encrypted in transit using TLS 1.2 or higher;
Sensitive data stored in our systems is encrypted at rest;
Access to personal data is restricted to authorized personnel with a legitimate need;
We do not store full payment card data — all card handling is performed by our PCI-DSS compliant payment processor;
We conduct periodic reviews of our security practices.

No security measure is perfect. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.

9. Data Stored Locally on Your Device

The Application stores the following data on your local device:

Your license key and activation status, cached locally to allow the Application to start without an internet connection;
Application preferences and configuration settings;
Crash logs (if crash reporting is disabled, these remain on-device only);
Any files, projects, or data you create or import while using the Application.

This locally stored data is under your control. Uninstalling the Application will remove the application files; depending on your operating system, some preference or cache files may remain in your user profile directory and can be deleted manually.

We have no access to locally stored data.

10. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request that we correct inaccurate or incomplete data.
Deletion: Request deletion of your personal data, subject to our legal retention obligations.
Portability: Receive your data in a structured, machine-readable format.
Restriction: Request that we restrict processing of your data in certain circumstances.
Objection: Object to processing carried out on the basis of legitimate interests.
Withdraw consent: Where processing is based on consent (e.g., crash reporting), withdraw it at any time via the Application's Settings menu or by contacting us.

California residents may have additional rights under the CCPA/CPRA, including the right to know what data we hold, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at privacy@blueghost.ai. We will respond within the timeframe required by applicable law (typically 30 days) and may need to verify your identity before processing your request.

11. International Data Transfers

Our servers and service providers may be located in the United States or other countries that may have different data protection standards than your country of residence. Where we transfer personal data from the EEA, UK, or Switzerland to third countries, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms.

12. Children's Privacy

The Application is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this document. For significant changes, we will notify you by email (at the address associated with your license) or via a notice displayed within the Application at next launch. Continued use of the Application following notice of a material change constitutes your acceptance of the revised policy.

14. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our data practices, please contact our privacy team:

Blue Ghost, LLC — Privacy Team
Email: privacy@blueghost.ai

If you are located in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your national data protection authority within the EU).