The short version: we collect what we need to run the service — your account details, your payment info via Stripe, and operational data about your Mac. We don't sell anything to anyone, we don't track you across the web, and we use the smallest set of sub-processors we can get away with. You can ask us what we hold, correct it, or delete it whenever you like.
1. Who we are
Halfpenny Mac (“we”, “us”, “our”) is the data controller for the personal data described in this policy. We are based in England, United Kingdom.
You can reach us at team@halfpennymac.com for any privacy question or to exercise your rights under UK GDPR.
2. What we collect and why
We collect the minimum personal data we need to run the service. Here's the full list:
| What | Why | Lawful basis |
|---|---|---|
| Email address | To sign you in, send account, billing, and support emails, and notify you about your machine. | Contract |
| Password (hashed, never plaintext) | To authenticate you. Managed by Supabase Auth. | Contract |
| Display name (optional) | Personalisation only. | Consent |
| Payment information (last 4 digits of card, expiry, billing country) | To bill your subscription. The card number itself is held by Stripe — we never see or store it. | Contract |
| Machine request details (use case, tier, billing cadence, optional bundle / custom-software notes) | To provision and configure your Mac. | Contract |
| Initial macOS credentials (encrypted at rest with AES-256-GCM) | So you can sign in to your Mac. Decrypted only when you click “Reveal credentials” on your dashboard. | Contract |
| Reveal log (timestamp, IP address) | Security audit trail for credential reveals. | Legitimate interests (account security) |
| Support ticket content | To answer your questions and keep a record of the conversation. | Contract |
| Backups of your Mac's home directory (encrypted at rest) | Disaster recovery — 14 rolling days of nightly snapshots. | Contract |
| Operational telemetry from your Mac (uptime, CPU anomalies, outbound traffic patterns) | To keep the service running and detect abuse (mining, malware, spam). | Legitimate interests (service operation, abuse prevention) |
| Basic web analytics (anonymised page views, referrer, country) | To understand how the site is performing. | Legitimate interests (improving the service) |
We do not collect anything about you from third-party data brokers, we do not build advertising profiles, and we do not enrich your account with data scraped from the web.
3. Cookies and tracking
We use the smallest set of cookies we can:
- Authentication cookies (Supabase) — required to keep you signed in. Strictly necessary; cannot be disabled.
- Vercel Analytics — anonymised page-view counts. No tracking cookies, no cross-site identifiers.
- Conversion pixels (X / Twitter, Reddit) — fired once on signup so we can measure ad campaign performance. These set cookies on their own domains and are subject to those companies' privacy policies. You can block them with any ad-blocker without affecting how the service works.
We don't use Google Analytics, Meta pixel, or any general-purpose ad tech beyond the two conversion pixels above.
4. Who we share data with
We share data only with the sub-processors needed to run the service. Each is bound by a Data Processing Agreement. The full list:
| Sub-processor | Purpose | Where data is held |
|---|---|---|
| Supabase | Authentication and primary database (account, requests, credentials, tickets). | EU (Ireland) |
| Stripe | Payment processing, card storage, invoicing. | UK / EU / US |
| Vercel | Hosting the website and serverless functions. | Global edge, primarily EU |
| Resend | Sending transactional email (welcome, billing, support replies). | US (SCC-protected) |
| Backblaze B2 | Encrypted nightly snapshots of your Mac's home directory. | EU (Amsterdam) |
| Tailscale | Private-network coordination to reach your Mac. We only see device metadata, never your traffic. | Global / US |
| Google (OAuth, optional) | Sign-in if you choose “Continue with Google”. Only triggered with your consent. | Global |
We do not share, rent, or sell your data to advertisers, data brokers, or anyone else. If we ever needed to add a new sub-processor we'd update this page first.
5. International transfers
Where data leaves the UK / EU (notably to Resend in the US), transfers are protected by the European Commission's Standard Contractual Clauses with the UK addendum, plus the EU–US Data Privacy Framework where the recipient is certified.
6. How long we keep your data
- Account data — for as long as your account is active.
- Payment records / invoices — 7 years after the transaction, as required by UK tax law.
- Backups of your Mac — 14 rolling days while active; deleted within 14 days of termination.
- Support tickets — 2 years after closure, then deleted.
- Reveal log — 12 months, then deleted.
- On account termination — your Mac is wiped using a secure-erase process; account data is deleted within 30 days except where we are legally required to retain it (e.g. payment records).
7. Security
We take security seriously because we run other people's computers. Specifically:
- Encryption in transit — TLS 1.3 on the website; SSH and Tailscale-encrypted for connections to your Mac.
- Encryption at rest — AES-256-GCM for stored credentials in our database; nightly Mac snapshots encrypted on Backblaze B2.
- Access control — admin actions require MFA; database access is service-role-only; the password reveal flow is decrypt-on-demand with a 30-second display window.
- No plaintext passwords anywhere — your account password is hashed by Supabase Auth; your Mac password is encrypted and only ever decrypted in-memory on your dashboard.
- Incident response — if we ever experienced a personal-data breach, we'd notify affected users without undue delay (and the ICO within 72 hours where required).
8. Your rights
Under UK GDPR you have the right to:
- Access — ask us for a copy of the data we hold about you.
- Rectify — correct anything that's wrong.
- Erase — ask us to delete your account and the data tied to it, subject to legal retention requirements (e.g. invoices).
- Portability — get a machine-readable export of your data.
- Object — to processing based on legitimate interests.
- Withdraw consent — at any time, for anything you previously consented to (e.g. optional profile fields, conversion-pixel firing).
- Complain — to the UK Information Commissioner's Office (ico.org.uk) if you think we've mishandled your data. We'd rather you talked to us first, but it's your right.
To exercise any of these rights, email team@halfpennymac.com. We'll respond within 30 days — usually much sooner.
9. Children
Halfpenny Mac is a B2B / professional service. We do not knowingly collect data from anyone under 18 and the service is not directed at children.
10. Changes to this policy
We may update this policy from time to time. For material changes that affect how we use your data, we'll notify you by email at least 30 days before the change takes effect. Routine clarifications and typo fixes are made silently — the “Last updated” date at the top of this page reflects the most recent revision.
11. Contact
Any privacy question, rights request, or concern: team@halfpennymac.com.