Legal · Privacy

Privacy

Last updated: 2026-05-04

Macfax is a verification product, not an analytics product. We collect what we need to issue a cert and serve disputes, and not much else. The full list:

What we collect

  • Email address: entered at checkout. The product identifier; there are no usernames or passwords.
  • Payment metadata via Stripe: your last-4, country, and payment status. We never see or store full card numbers.
  • Diagnostic payload: the result of the seller-side macOS app run, signed by your Mac's Secure Enclave. Includes serial number, model identifier, hardware health metrics. Surfaced publicly on the cert page in a form that obscures the full serial (only the last 4 digits are shown).
  • Anonymous session ID (cookie): a UUID stored in your browser to correlate your visits for analytics. Not joined to your email or payment info.

What we don't collect

  • No personal data leaves your Mac during the diagnostic beyond the signed payload. We don't see files, browsing history, app usage, or contents of your home directory.
  • No third-party trackers on the marketing site or cert pages. No retargeting pixels.
  • No location data beyond what Stripe collects for fraud detection at checkout.

The append-only enclave-key registry

The product is built on top of a hardware-key-to-serial mapping that is intentionally append-only forever. This is the cryptographic moat that defeats case-swap fraud (a seller running the cert on Mac A and shipping Mac B): the moment two different serials claim the same enclave key, we surface it.

This means we keep (enclave key fingerprint, serial number, first-seen timestamp) tuples permanently, even after a refund. We delete the association to your email on request (see below), but the cryptographic tuple stays, decoupled from any PII.

Data deletion on request

Email support@macfax.com from the address you used at checkout. We delete:

  • Your email from purchases, certs, and any internal logs
  • Any cert URLs tied to your email (cert pages return 404 from then on)
  • Stripe payment metadata up to what Stripe's retention policy allows

We retain the enclave-key-to-serial mapping (no PII in it) and any aggregate metrics (counts of certs issued per month, etc.).

Contact

Questions? support@macfax.com.