Privacy Policy
Effective 2026-07-10
What we store
- Account: your email and OAuth identity (GitHub/Google) — for login.
- Credentials you connect: your App Store Connect API key and the signing key we generate for you, AES-256-GCM envelope-encrypted with a per-organization key. Every decryption writes an audit record. We never ask for your Apple ID password.
- Your code: pushed snapshots live in a private mirror repository used only to run your builds, isolated per project. Secret-looking files (.env, keys, certificates) are excluded on your machine before upload.
- Build logs: stored trimmed and secret-redacted.
What we don't do
- No selling data, no ads, no trackers.
- No LLM inside NoMac — your code is never used to train or prompt anything.
- No reading your source beyond deterministic checks you can inspect.
Processors
Vercel (hosting), Neon (database), GitHub (private build mirror), Codemagic (macOS build machines — your code and a short-lived credential lease reach the ephemeral build VM), Apple (the point of the whole thing), Polar (payments; we never see card numbers).
Deletion
Deleting a connection shreds its encrypted credentials. Deleting a project deletes its mirror branch. Deleting your account removes the organization and everything under it. Email support@nomac.app for a full export or erasure.