Privacy Policy

Last updated: May 14, 2026

1. Introduction

Empiric Apps ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our applications: Zenithal (Docker & Kubernetes Management), EmpiricCommander (Dual-Pane File Manager), and Tappie (Homebrew Package Manager), collectively the "Apps," and our website at https://www.empiricapps.com (the "Website").

This policy applies to all users globally, including those in the European Economic Area (EEA), United Kingdom, California, and other jurisdictions with specific privacy regulations.

Browser extensions: Our Chrome extensions are covered by separate, extension-specific privacy policies because they collect no data and run entirely in your browser:

2. Data Controller

Empiric Apps is the data controller responsible for your personal data. If you have questions about this policy or our data practices, contact us at: contact@empiricapps.com

3. Information We Collect

3.1 Information You Provide

  • Account Information: Email address and name when you purchase a license or create an account.
  • Authentication Data: When you sign in using OAuth providers (Apple, Google, or GitHub), we receive your provider user ID and email address to link your account. We do not store your OAuth passwords or access tokens permanently.
  • Payment Information: Processed securely by our payment provider, Lemon Squeezy. We do not store credit card numbers or banking details on our servers.
  • Support Communications: Information you provide when contacting our support team.
  • Subscription Information: Your subscription tier, status, and billing period to manage your access to features.
  • License Information: License keys and activation status for one-time purchase products (EmpiricCommander).

3.2 Information Collected Automatically

  • Device Information (Zenithal): Hardware identifier (for license activation), device name, operating system version, and app version.
  • Device Information (EmpiricCommander): A cryptographic hash (SHA-256) of your hardware identifier is sent to our server on first launch to manage your 7-day free trial. We also collect your operating system version and app version. This data is not linked to your identity unless you later create an account and purchase a license. The hardware hash cannot be reversed to identify your specific device.
  • Download Information: When you download any of our Apps, we record the download event, app version, your IP address, and country (derived from IP) to track download statistics.
  • Usage Data: App launch events, feature usage statistics, and crash reports (if you opt in).
  • Log Data: IP address, browser type, pages visited, time and date of visit, and time spent on pages (Website only).

3.3 Information We Do NOT Collect

For Zenithal:

  • Container contents, source code, or Docker/Kubernetes configurations
  • Environment variables or secrets stored in your containers
  • Network traffic or data transmitted to/from your containers
  • File system contents of your computer or containers

For EmpiricCommander:

  • File names, contents, or directory structures on your device
  • Files transferred to or from remote servers (SFTP, S3, Azure, Google Drive, etc.)
  • Remote server credentials, SSH keys, OAuth tokens, or connection details
  • Terminal commands or output
  • Universal Shelf contents
  • Google Drive file contents, metadata, or directory structure (when using the Drive connector, files flow device ↔ Google directly without passing through our servers, except when you explicitly initiate a cross-provider transfer to S3, SFTP, or another backend)

For Tappie:

  • Your Homebrew packages list or installed software
  • Package configurations or formulae contents
  • Terminal commands or output
  • File system contents of your computer

3.4 Google Drive Integration (EmpiricCommander)

EmpiricCommander integrates with Google Drive using Google's OAuth 2.0 flow and the drive.file scope. We disclose the specifics below in line with the Google API Services User Data Policy, including the Limited Use requirements.

What we access: when you connect your Google account in EmpiricCommander and pick specific files or folders through Google's Picker, we access metadata (name, MIME type, size, modified time, parent folder ID) and content for the items you picked. We do not see, list, or index files you have not explicitly picked. We do not access your full Drive.

How we use it: exclusively to provide the user-facing Drive features inside EmpiricCommander - listing picked files in a pane, opening files for read/write, uploading changes back, and (when you initiate it) copying files between Drive and another connection.

Where the data flows: file content moves directly between your device and Google's servers. It does not pass through Empiric Apps infrastructure. The only exception is when you initiate a cross-provider copy (e.g., Drive to S3) within EmpiricCommander; in that case the content streams through the app, on your device, between the two endpoints. We still never store it on our servers.

What we do not do with Google Drive data (Limited Use compliance):

  • We do not transfer Drive data to advertising or marketing tools.
  • We do not sell or rent Drive data.
  • We do not use Drive data to train AI or machine-learning models.
  • We do not allow humans (including our employees) to read Drive data, except (a) with your explicit consent, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized for internal operational metrics.

Local caching: EmpiricCommander caches Drive metadata (file lists, thumbnails) on your device for responsiveness. The cache is cleared automatically when you disconnect Drive in the app.

How to revoke access: at any time you can disconnect Drive directly inside EmpiricCommander (Settings -> Connections -> Google Drive -> Disconnect). You can also revoke EmpiricCommander's access from your Google account at myaccount.google.com/permissions. Either action terminates EmpiricCommander's ability to read or write your Drive files immediately.

OAuth tokens: the access token and refresh token issued by Google are stored in the system Keychain on your device. They are never transmitted to Empiric Apps servers. Revoking access in Google or disconnecting in EmpiricCommander deletes the tokens locally.

For end-to-end user guidance, see our Google Drive integration docs.

4. How We Use Your Information

We use your information for the following purposes and legal bases:

  • Contract Performance: To provide, maintain, and deliver the App and services you purchased; to manage your license and activations; to process transactions.
  • Legitimate Interests: To improve our App and services; to analyze usage patterns; to detect, prevent, and address technical issues or fraud; to send important product updates.
  • Consent: To send marketing communications (you can opt out at any time); to collect optional analytics and crash reports.
  • Legal Obligation: To comply with applicable laws and regulations; to respond to legal requests.

5. How We Share Your Information

We do not sell your personal data. We may share your information with:

  • Payment Processor (Lemon Squeezy): Lemon Squeezy acts as our Merchant of Record and processes all payments. They collect payment information directly and are responsible for PCI compliance. See Lemon Squeezy's Privacy Policy.
  • Infrastructure Providers: Cloud hosting services that store our databases and serve our website, under strict data processing agreements.
  • Analytics (if enabled): Anonymized usage statistics to help us improve the App.
  • Legal Requirements: When required by law, court order, or governmental authority.

6. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. When we transfer data outside the EEA or UK, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with an adequacy decision
  • Other legally approved transfer mechanisms

7. Data Retention

We retain your personal data only as long as necessary:

  • Account and License Data: For the duration of your license validity, plus 3 years for tax and legal compliance.
  • Transaction Records: 7 years as required by financial regulations.
  • Support Communications: 2 years after resolution.
  • Trial Device Data (EmpiricCommander): Hashed hardware identifiers and associated trial information are retained for the duration of the trial and up to 1 year after the trial expires, then automatically deleted.
  • Analytics Data: 26 months, then automatically deleted or anonymized.

8. Your Privacy Rights

8.1 Rights for All Users

  • Access: Request a copy of your personal data.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your personal data.
  • Opt-out: Unsubscribe from marketing communications.

8.2 Additional Rights for EEA/UK Residents (GDPR)

  • Restriction: Request restriction of processing.
  • Portability: Receive your data in a portable format.
  • Object: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent at any time (where processing is based on consent).
  • Lodge Complaint: File a complaint with your local data protection authority.

8.3 Additional Rights for California Residents (CCPA/CPRA)

  • Right to Know: Categories and specific pieces of personal information collected.
  • Right to Delete: Request deletion of personal information.
  • Right to Opt-Out: We do not sell personal information.
  • Non-Discrimination: We will not discriminate against you for exercising your rights.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Limit: Limit the use of sensitive personal information.

Self-service tools (signed-in users only, available at /account):

  • Download my data: JSON export of your profile, licenses, devices, downloads, and telemetry events. Rate-limited to one export per 24 hours.
  • Edit display name: updates immediately. Email change still requires contacting support.
  • Delete my account: permanently removes your profile, sessions, devices, and operational data. License transaction records are anonymized (your identity removed) but retained for 7 years to comply with Romanian tax law (Cod fiscal art. 25), per GDPR Article 17(3)(b). If you have an active Lemon Squeezy subscription, you must cancel it separately through the LS customer portal to stop billing.

For anything not covered above (correction of records, objection to processing, withdrawal of consent, etc.), contact us at contact@empiricapps.com. We will respond within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for CCPA).

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Regular security assessments and updates
  • Access controls and authentication
  • Secure infrastructure hosted by reputable cloud providers

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Cookies and Tracking Technologies

Our Website uses cookies and similar technologies:

  • Essential Cookies: Required for the Website to function properly (CSRF protection, Supabase Auth session). These cannot be disabled and do not require consent under ePrivacy Directive Article 5(3) (strictly necessary).
  • Analytics (Vercel Web Analytics): We use Vercel Web Analytics to measure aggregate page traffic. It does not set any cookies - events are collected via first-party JavaScript with IP addresses anonymized after geolocation. No cross-site tracking, no personal profile built.
  • Payment Cookies: Set by Lemon Squeezy when you visit checkout pages, to process payments securely.

You can control cookies through your browser settings. Note that disabling essential cookies will break sign-in and security features.

11. Children's Privacy

Our App and services are not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at contact@empiricapps.com.

12. Third-Party Links

Our Website and App may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our Website with a new "Last updated" date
  • Sending an email notification for significant changes (if we have your email)
  • Displaying a notice in the App

Your continued use of the App after changes become effective constitutes acceptance of the revised policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Empiric Apps
Email: contact@empiricapps.com

15. Jurisdiction-Specific Disclosures

For EU/EEA/UK Residents

Under GDPR, you have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of alleged infringement.

For California Residents

Categories of personal information collected in the last 12 months: Identifiers, commercial information, internet activity, and inferences. We collect this information for the business purposes described in Section 4.

Do Not Sell or Share My Personal Information: We do not sell or share (for cross-context behavioral advertising) your personal information as defined under CCPA/CPRA.

For Nevada Residents

Nevada residents may submit a request to opt out of the sale of personal information. We do not currently sell personal information as defined under Nevada law.