Privacy Policy
Cheeks — Local Secrets & Context Manager
Last updated: February 8, 2026
1. Introduction
This Privacy Policy explains how Fly-by-wire AB (“Company”, “we”, “us”), a company registered in Sweden, collects, uses, and protects information in connection with the Cheeks application and CLI tool (the “Software”).
We built Cheeks with privacy as a core principle. The Software is designed to store your data locally on your device. We have minimal data collection by design.
2. Data Controller
The data controller for the purposes of GDPR and other applicable data protection laws is:
Fly-by-wire AB
Email: support@flybywire.se
Website: https://flybywire.se
3. What Data We Collect
3.1 Data Stored Locally on Your Device (We Do NOT Have Access)
The following data is stored exclusively on your device and is never transmitted to us:
- Secrets: API keys, tokens, credentials, and their descriptions.
- Context files: Markdown/text content and embedded images.
- Project configurations: Project names, descriptions, and directory mappings.
- Notes: Text content and images associated with projects.
- Application preferences: Your local settings and configurations.
This data is encrypted at rest using AES-256-GCM. The encryption key is generated and stored in the macOS Keychain, which is tied to your device and user account.
We cannot access, read, or recover this data. If you lose access to your device, or if your macOS Keychain is reset or becomes inaccessible (e.g., due to OS reinstallation, device migration, or hardware failure), your encrypted data will become permanently unrecoverable. We do not have the encryption keys and cannot assist with data recovery. Please refer to our Terms of Service for your data responsibility obligations.
3.2 Data Transmitted to Our Servers
The only data transmitted to our servers is used for license management:
| Data | Purpose | When |
|---|---|---|
| License Key | To verify your purchase and manage activations | On license activation, validation, and deactivation |
| Machine ID | To tie a license activation to a specific device | On license activation, validation, and deactivation |
The Machine ID is a hardware identifier (UUID) generated by your device. It does not contain personal information such as your name, email, or location.
3.3 Data Collected by Stripe (Payment Processor)
When you purchase a license, payment is handled by Stripe, Inc. Stripe may collect:
- Name, email address, and billing address.
- Payment card details.
- Transaction information.
We do not store your payment card details. Stripe processes payments in accordance with their own privacy policy: https://stripe.com/privacy.
We may receive from Stripe: your email address, transaction ID, and purchase amount for the purpose of order fulfillment and customer support.
3.4 Data We Do NOT Collect
- No analytics or telemetry.
- No usage tracking or behavioral data.
- No IP address logging from the Software.
- No cookies (the Software is a native application, not a web service).
- No advertising identifiers.
- No location data.
4. How We Use Your Data
| Data | Legal Basis (GDPR) | Purpose |
|---|---|---|
| License Key | Performance of contract (Art. 6(1)(b)) | License activation, validation, and enforcement |
| Machine ID | Performance of contract (Art. 6(1)(b)) | Tying license activations to devices |
| Email (from Stripe) | Performance of contract (Art. 6(1)(b)) | Order fulfillment, sending license keys, customer support |
We do not use your data for marketing, profiling, or automated decision-making unless you explicitly opt in to receive communications from us.
5. Data Sharing
We do not sell, rent, or trade your personal data.
We share data only with:
- Stripe, Inc. (payment processing) — governed by Stripe's Privacy Policy.
- Law enforcement or regulatory authorities — only when required by applicable law.
6. Data Retention
- License data (License Key, Machine ID): Retained for as long as your license is active, plus a reasonable period after expiration for reactivation support.
- Payment data: Retained by Stripe in accordance with their retention policies and applicable financial regulations.
- Local data: Stored on your device indefinitely until you delete it or uninstall the Software. We have no control over this data.
7. Data Security
We implement appropriate security measures:
- Local data: Encrypted with AES-256-GCM. Encryption keys stored in the macOS Keychain.
- Data in transit: All communication with our license server uses HTTPS/TLS encryption.
- Payment data: Handled by Stripe, a PCI DSS Level 1 certified payment processor.
While we employ industry-standard measures, no method of electronic storage or transmission is 100% secure.
8. Your Rights
8.1 Under GDPR (EU/EEA Users)
You have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your personal data (“right to be forgotten”).
- Restriction: Request restriction of processing of your data.
- Portability: Receive your data in a structured, commonly used, machine-readable format.
- Object: Object to processing of your data.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
- Lodge a complaint: File a complaint with a supervisory authority. In Sweden, this is Integritetsskyddsmyndigheten (IMY) at https://www.imy.se.
8.2 Under CCPA (California Users)
If you are a California resident, you have the right to:
- Know what personal information is collected about you.
- Request deletion of your personal information.
- Opt out of the sale of your personal information (we do not sell personal information).
- Non-discrimination for exercising your rights.
8.3 Exercising Your Rights
To exercise any of these rights, contact us at support@flybywire.se. We will respond within 30 days (or within the timeframe required by applicable law).
9. International Data Transfers
Our license server may process data outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place in accordance with GDPR requirements, such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.
10. Children's Privacy
The Software is not directed at individuals under the age of 16. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, please contact us at support@flybywire.se and we will promptly delete it.
11. Third-Party Links
The Software may contain links to third-party websites (e.g., our website, Stripe). This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party site you visit.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Updated versions will be posted on our website with a revised “Last updated” date. For material changes, we will make reasonable efforts to notify users.
13. Contact
For questions or concerns about this Privacy Policy or your data, contact us at:
Fly-by-wire AB
Email: support@flybywire.se
Website: https://flybywire.se