Privacy Policy

Last updated: 2026-04-13

Who we are

Dotvault is a macOS application for managing .env files. For the purposes of UK data protection law, the data controller is William Wilson, a sole trader operating under the trading name Dotvault, based in the United Kingdom.

I’m a sole trader, so there’s no requirement to appoint a Data Protection Officer under UK GDPR. If you have any questions about this policy or how your data is handled, drop me an email at hello@dotvault.dev.

What data we collect and why

Website analytics

We use Google Analytics to understand how visitors use www.dotvault.dev — which pages are viewed, how long visitors stay, and where traffic comes from. This uses cookies and collects data including your browser type and general location. For EU-based visitors, Google Analytics does not log or store IP addresses — your IP is used on EU-based servers purely to work out a rough location (city, country, region) and is then immediately discarded. We also record anonymous interaction events — when a support form is submitted, when a call-to-action is clicked, and when the help section search is used. Search events record only the length of your search term, never the term itself, and none of these events carry your email, message content, or any other personal data.

We only collect analytics data if you consent via the cookie banner when you first visit the site. You can withdraw consent at any time using the “Manage cookies” link in the website footer — it’s on every page, and it’s just as easy as giving consent in the first place. The legal basis for this processing is consent (UK GDPR Article 6(1)(a)).

Google Analytics data is processed by Google LLC in the United States (see “Third-party services and international transfers” below for safeguards). Google’s privacy policy is available at policies.google.com/privacy.

Support form and email enquiries

If you send us a message via the support form on www.dotvault.dev, your email address and message are processed by Resend and delivered to our support inbox as a transactional email. Resend does not retain the message body beyond the delivery window. If you email us directly at hello@dotvault.dev, your message arrives in our inbox without going through Resend. In either case, we store correspondence only within our email inbox and do not transfer it to any CRM or third-party system. We use the information you provide solely to respond to your enquiry. The legal basis is legitimate interests (UK GDPR Article 6(1)(f)) — specifically, responding to correspondence directed to us.

Application update checks

The Dotvault app periodically checks for updates by making a request to our update server hosted on Cloudflare R2 (releases.dotvault.dev). This request includes your IP address and the current version of the app. We do not log or store this data ourselves — standard Cloudflare server logs may retain it for a short period per Cloudflare’s own retention policies. No personal data beyond what is technically necessary for the HTTPS request is transmitted. The legal basis is legitimate interests (UK GDPR Article 6(1)(f)) — keeping the application secure and up to date.

Purchases and licensing

When you purchase a Dotvault licence, the transaction is handled entirely by Lemon Squeezy, who act as our merchant of record. They collect your name, email address, and payment details to process the purchase. We receive your name, email, and licence details from Lemon Squeezy — we do not receive or store your full payment card details at any point.

On your machine, licence data is stored locally and encrypted via the operating system keychain. It is not transmitted back to us. The app makes periodic validation requests to the Lemon Squeezy API to confirm your licence is still active — these contain your licence key and instance identifier, nothing else.

The legal basis for this processing is contract (UK GDPR Article 6(1)(b)) — it’s necessary to fulfil the licence you purchased.

Anonymous usage telemetry (opt-in)

Dotvault can send anonymous usage data through Aptabase, a privacy-friendly analytics service. This is off by default. On first launch you’ll see a prompt explaining what we collect, and nothing is sent unless you explicitly opt in. You can change your mind any time in Settings → Privacy.

The full, canonical list of every event Dotvault can send — with each closed-enum value spelt out — lives at www.dotvault.dev/help/guides/privacy-telemetry-events. The short version is below.

Alongside every event, we capture your operating system, the app version, and your locale — so we can see which platforms people are actually running on. That’s it for ambient metadata.

Usage events, fired when you interact with the app:

  • app_started — when the app launches.
  • project_created — when you create a project, with the names of any detected frameworks and packages.
  • project_opened — when you switch to a different project in the sidebar.
  • framework_detected — one per detected framework (e.g. Laravel, Next.js).
  • package_detected — one per detected package (e.g. Stripe, Sentry).
  • env_file_created — when you create a .env file, with the template type (blank / framework / from_example).
  • snapshot_restored — when you restore a snapshot.
  • diff_viewed / compare_viewed / git_panel_opened — when you open those views.
  • clipboard_imported — when you import variables from the clipboard.
  • auto_grouped — when you apply auto-grouping.
  • sync_keys — when you sync keys between files, with the sync mode (keys / keys+values).
  • encryption_key_set — when you set a Laravel encryption key.
  • command_palette_opened — when you open the command palette.
  • env_exported — when you open the export dialog.

For project_created, framework_detected, and package_detected, the framework and package names come from a fixed list that ships inside the app. Only those specific names can ever leave your machine — if Dotvault spots something it doesn’t recognise, nothing gets sent.

Licensing events, fired around your licence state:

  • license_trial_started — when your 14-day trial begins on first launch.
  • license_activated — when you successfully activate a licence. We do not send the licence key itself, your instance ID, or your email.
  • license_activation_failed — when an activation attempt fails, with one of three closed reasons: limit / invalid / network. Never the raw error.
  • license_deactivated — when you deactivate a licence from Settings.
  • license_validation_failed — when a background licence check fails, with one of two closed reasons: invalid / network.
  • license_revoked — when a licence becomes inactive, with one of five closed causes: trial_ended / disabled / deactivated_remotely / clock_rollback / offline_expired.
  • license_buy_clicked — when you click a Buy Dotvault button, with the source screen: trial_banner / settings / expired_screen.

Crash reporting (closed-enum event):

  • renderer_error — when the app UI hits an unexpected error, with a closed-enum source bucket: react / window_error / unhandled_rejection. We never send the error message, stack trace, file path, or any other error detail — only the bucket that tells us which layer of the app fell over. If you want to share the full error with us for debugging, the in-app “Something went wrong” screen has a Copy details button that puts it on your clipboard for you to email across manually. That path is always user-initiated.

Crash reporting (Sentry):

In addition to the closed-enum crash event above, Dotvault sends a sanitised error report to Sentry when an unexpected error occurs. These reports contain:

  • Error type — the class or name of the error (e.g. TypeError).
  • Sanitised stack trace — absolute file paths are scrubbed to relative paths before the report leaves your machine.
  • App version and OS version.

These reports do not contain: environment variable names or values, file names, project names, absolute file paths, or any personal data. User data and custom metadata are stripped before transmission. Sentry processes data in the EU (Frankfurt data centre). Like usage analytics, crash reports are gated by the same telemetry toggle — turn it off and nothing is sent.

Here’s what we never send, across every event and crash report above: the names or values of your environment variables, your file names, your project names, any absolute file paths or paths to your files, licence keys, email addresses, or anything you’ve typed into the app. Your .env files never leave your machine. The analytics and crash reporting code is walled off from your file contents by design and simply can’t see them.

To turn telemetry off, head to Settings → Privacy and flip Share anonymous usage data off. It stops immediately — no restart needed. For Aptabase’s own data retention and privacy practices, have a read of their privacy policy. For Sentry’s, see their privacy policy. The legal basis for this processing is consent (UK GDPR Article 6(1)(a)).

What we do not collect

The Dotvault application is local-first by design. It does not transmit the contents of your .env files, your encryption keys, your variable names or values, or any other project data to us or any third party. All file data remains on your machine.

Automated decision-making

We don’t do any automated decision-making or profiling as defined under UK GDPR Article 22. No algorithms are making decisions about you here.

Cookies

We use cookies only for Google Analytics, and only with your consent. The cookie banner on www.dotvault.dev allows you to accept or decline analytics cookies. If you decline, no analytics cookies are set and no data is sent to Google Analytics.

To remember your cookie preference we store a single key (dv-consent) in your browser’s local storage. It contains no personal data — just whether you accepted or declined analytics — and is necessary to honour your choice on subsequent visits.

How long we keep data

  • Analytics data — retained in Google Analytics for 14 months, after which it is automatically deleted.
  • Email correspondence — retained in our inbox for as long as reasonably necessary to handle the enquiry, typically no longer than 2 years.
  • In-app telemetry — Aptabase retains anonymous event data for up to 5 years. Because all identifiers are pseudonymous (daily-rotated salted hashes), data cannot be traced back to individual users.
  • Crash reports — Sentry retains error reports for 90 days by default. Reports contain no personal data or user identifiers.
  • Purchase and licence data — licence details are stored locally on your machine for as long as you use the app. Transaction records are retained by Lemon Squeezy per their own retention policies.
  • Update check logs — subject to Cloudflare’s standard log retention, typically a few days.

Third-party services and international transfers

Some of the services we use process data outside the United Kingdom. Where personal data is transferred internationally, we rely on the safeguards below to make sure your data stays protected to UK GDPR standards.

  • Google Analytics (US) — website analytics. Transfer safeguard: Google’s Data Processing Terms, which incorporate EU Standard Contractual Clauses (SCCs) and apply to UK transfers under UK GDPR. Google also participates in the EU-US Data Privacy Framework (including UK Extension). Google Privacy Policy.
  • Resend (US) — handles support form submissions. Stores your email address and message on our behalf for the purpose of delivering email. Transfer safeguard: EU SCCs with UK IDTA. Resend Privacy Policy.
  • Cloudflare (US, with global edge network) — hosts application update files and serves the website. Standard server logs apply. Transfer safeguard: Cloudflare’s Data Processing Addendum incorporating EU SCCs with UK IDTA. Cloudflare Privacy Policy.
  • Lemon Squeezy (US) — payment processing and licence fulfilment. Processes your name, email address, and payment details when you purchase a licence. Lemon Squeezy is our merchant of record. Transfer safeguard: Lemon Squeezy’s Data Processing Agreement. Lemon Squeezy Privacy Policy.
  • Aptabase (EU) — anonymous in-app usage telemetry (opt-in only). No personal data or file contents are transmitted. Data is processed within the EU. Aptabase Privacy Policy.
  • Sentry (EU — Frankfurt data centre) — anonymous crash and error reporting (opt-in, same toggle as analytics). Receives only error type, sanitised stack trace, and app/OS version. No personal data, file contents, or absolute paths are transmitted. Sentry Privacy Policy.

We do not sell personal data to third parties and we do not use personal data for advertising purposes.

Your rights

Under UK GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data where there is no compelling reason to continue processing it.
  • Restriction — ask us to limit how we use your data in certain circumstances.
  • Objection — object to processing based on legitimate interests.
  • Portability — request your data in a structured, machine-readable format where applicable.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, email hello@dotvault.dev. We will respond within one month.

Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO). You can make a complaint on the ICO website or call 0303 123 1113.

Changes to this policy

We may update this policy from time to time. When we do, we will update the date at the top of the page. Material changes will be noted here. Continued use of the website or application after changes are posted constitutes acceptance of the updated policy. For material changes that affect how we process data based on your consent, we will seek fresh consent where required by law.