Privacy Policy

General Software is a trading name of Workshop Operations Ltd, a company registered in England and Wales (Company No. 14842982). We are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what information we collect, how we use it, and the rights you have in relation to it.

By using our website, products, or services, you acknowledge that you have read and understood this Privacy Policy. We act as the data controller for the personal data described in this policy, except where Paddle acts as the merchant of record for payment processing (see Section 3).

1. Information We Collect

We collect minimal personal data and only where necessary. The categories of information we may collect include:

Information you provide directly

• Contact information — such as your name and email address, when you contact us for support or sign up for communications.
• Purchase information — when you buy one of our products, your transaction is processed by Paddle (see Section 3). We receive limited order information such as your name, email address, and licence entitlement, but we do not receive or store your payment card details.

Information collected automatically

• Website analytics data — we may collect anonymised or pseudonymised usage data when you visit our website, such as pages visited, referring site, browser type, and general geographic region. See Section 4 for details.
• Software licence validation — our applications may contact a licence server to verify your purchase. This involves sending a licence key or transaction identifier and does not transmit personal files, usage habits, or other personal data from your device.

Information we do not collect

Our Mac and iOS applications are designed to run locally on your device. They do not collect, transmit, or store your personal data, files, or usage behaviour on our servers. Your documents, settings, and activity within our apps remain entirely on your device.

2. How We Use Your Information

We process personal data only where we have a lawful basis to do so. The purposes for which we use your information, and the corresponding legal bases under UK GDPR, are:

• Fulfilling purchases and delivering licence keys — to perform our contract with you.
• Providing customer support — to respond to your enquiries and resolve issues, based on our contractual obligations or your consent.
• Sending product updates or important notices — to inform you of critical updates, security patches, or changes to our terms, based on our legitimate interests in keeping customers informed.
• Improving our website and services — to understand how visitors use our website and to enhance user experience, based on our legitimate interests.
• Complying with legal obligations — to meet regulatory, tax, or legal reporting requirements.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

3. Payment Processing

All payments for General Software products are processed by Paddle.com Market Limited, which acts as the merchant of record for our transactions. This means Paddle — not General Software — is responsible for processing your payment and handling associated billing data.

When you make a purchase, Paddle collects and processes your payment information (such as credit card details, billing address, and transaction data) in accordance with their own privacy policy. We do not have access to your full payment card details at any time.

Paddle may share limited information with us to fulfil your order, including your name, email address, country, and transaction details. Paddle's handling of your data is governed by Paddle's Privacy Policy.

For questions about payment data, VAT, invoices, or refunds, you may contact Paddle directly or reach out to us and we will assist where possible.

4. Cookies & Analytics

Our website may use cookies and similar technologies for the following purposes:

• Essential cookies — required for the website to function correctly, such as remembering your theme preference (light or dark mode). These do not require consent.
• Analytics — we may use privacy-focused analytics tools to understand aggregate website traffic and usage patterns. Where analytics are used, we prefer tools that do not use personal identifiers or cross-site tracking, and we minimise data collection to what is necessary.

We do not use advertising cookies or tracking pixels. We do not participate in cross-site tracking or behavioural advertising networks.

You can control cookie preferences through your browser settings. Disabling cookies may affect some website functionality, such as theme preferences.

5. Data Storage & Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Use of encrypted connections (HTTPS/TLS) for all website traffic and data transmission.
• Restricted access to personal data on a need-to-know basis.
• Regular review of our data handling practices and security measures.

Any personal data we hold (such as support correspondence and order records) is stored securely. Where we use third-party services to process data, we ensure they provide adequate safeguards.

While we implement industry-standard protections, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security, but we are committed to protecting your data to the best of our ability.

6. Third-Party Services

We may share limited personal data with the following categories of third-party service providers, solely to operate our business and deliver our products:

• Paddle — payment processing and merchant of record services (see Section 3).
• Email service providers — to send transactional emails such as licence delivery and support replies.
• Analytics providers — to collect anonymised website usage data (see Section 4).
• Hosting and infrastructure providers — to serve our website and any related services.

We require all third-party processors to handle your data in accordance with applicable data protection law and only for the purposes we specify. We do not sell or share personal data with third parties for their own marketing purposes.

Where data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions recognised by the UK government.

7. Your Rights

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights in relation to your personal data:

• Right of access — you can request a copy of the personal data we hold about you.
• Right to rectification — you can ask us to correct any inaccurate or incomplete data.
• Right to erasure — you can request that we delete your personal data, subject to any legal obligations requiring us to retain it.
• Right to restrict processing — you can ask us to limit how we use your data in certain circumstances.
• Right to data portability — you can request that we provide your data in a structured, commonly used, machine-readable format.
• Right to object — you can object to our processing of your data where we rely on legitimate interests as the legal basis.
• Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at hello@general.software. We will respond to your request within one month, as required by law.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact the ICO at ico.org.uk.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention practices are:

• Purchase and licence records — retained for the duration of your licence and for up to 7 years thereafter, as may be required for tax and accounting purposes.
• Support correspondence — retained for up to 2 years after the last interaction, unless a longer period is required to resolve an ongoing matter.
• Analytics data — aggregated and anonymised data may be retained indefinitely. Any identifiable analytics data is deleted or anonymised within 26 months.

When personal data is no longer needed, we securely delete or anonymise it.

9. Children's Privacy

Our products and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us at hello@general.software and we will take steps to delete such information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this page periodically. Continued use of our website or products after changes are posted constitutes your acceptance of the revised policy.

11. Contact

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

• Email: hello@general.software
• Entity: Workshop Operations Ltd, trading as General Software
• Company No.: 14842982 (England and Wales)