Privacy Policy

Overview

This Privacy Policy explains how Tomita Militaru ("we", "us", or "our") collects, uses, and protects information in connection with the Volans macOS application (the "App") and the website at getvolans.app (the "Website").

By using the App or Website, you agree to the practices described in this policy.

Data We Collect

We collect only the minimum data necessary to operate the service:

Website analytics: The Website does not use any tracking pixels, fingerprinting, or persistent cookies. Basic server access logs (IP address, page requested, timestamp) may be retained by our hosting provider (Railway) for up to 30 days for security and operational purposes.

Data Processed by the App

The following data is processed locally on your device only and is never transmitted to our servers:

• Railway API token — stored exclusively in the macOS Keychain, protected by your login password and optionally Touch ID.
• Project, service, and deployment data — fetched on demand from Railway's API and held in memory; not persisted to disk beyond macOS's standard caching mechanisms.
• Environment variables — retrieved from Railway's API only when you open the env var editor and never written to disk.
• App preferences — stored in the macOS user defaults domain (app.getvolans.Volans) on your local device.

Volans does not include any telemetry, usage analytics SDK, or third-party advertising framework.

How We Use Your Data

We use the limited data we collect solely to:

• Respond to support enquiries.
• Diagnose and fix crashes when you choose to share a crash report.
• Comply with legal obligations.

We do not use your data for advertising, profiling, or any purpose beyond operating and improving Volans.

Sharing & Disclosure

We do not sell or rent your personal data. We share it only with:

• Legal authorities — if required by law, court order, or to protect our legal rights.

No other third parties receive your personal data.

Data Retention

Support correspondence is retained for up to 2 years after resolution, then deleted.

Crash reports shared voluntarily are deleted once the underlying bug is resolved.

Security

We take reasonable technical and organisational measures to protect your data. Railway API tokens are stored in the macOS Keychain — one of the most secure credential stores available on macOS. Communication between the App and Railway's API is encrypted via HTTPS/TLS.

No method of transmission or storage is 100% secure. If you discover a security issue, please report it responsibly to support@getvolans.app.

Children's Privacy

Volans is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Erasure — request deletion of your data, subject to legal retention requirements.
• Restriction — ask us to limit how we process your data.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to certain types of processing.

To exercise any of these rights, email support@getvolans.app. We will respond within 30 days. EU/EEA residents may also lodge a complaint with their local data protection authority.

Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via the Website or an in-app notice.

Your continued use of the App or Website after changes are posted constitutes acceptance of the revised policy.

Contact

For privacy-related questions or to exercise your rights, contact: