Masayuki Kobayashi (the "Provider") establishes this Privacy Policy for personal information handled through the macOS application "stac" (the "App") and the Chrome extension "stac Font Finder" (the "Extension").
1. Basic policy
stac is a Mac app for finding, trying, and organizing fonts. The Extension helps users capture CSS font information from text on web pages and save it to the App. Data needed for font selection is handled on your Mac or inside Chrome whenever possible. Information collected by the Provider is limited to what is necessary to provide the App and related functions, manage purchases and licenses, and respond to support requests.
2. Data stored on Mac or inside Chrome
User data such as font settings, favorites, tags, ratings, notes, and preview text is generally stored on your Mac.
Drag-and-drop fonts are treated as temporary preview data in the Free plan, and may be stored inside the App in the Pro plan. In either case, local fonts and drag-and-drop font files themselves are not uploaded to the Provider's server.
The Extension may store, inside Chrome or the App on your Mac, part of the text clicked by the user on a web page, CSS font information (font-family, font-size, font-weight, line-height, color, background-color, etc.), page title, page URL, CSS selector, acquisition time, Bridge URL for connecting to stac, and Pairing Token for recent history and save-to-App integration.
Information captured by the Extension is sent only to the local connection endpoint (127.0.0.1) of the App running on the same Mac when the user chooses to save it to stac. It is not sent to the Provider's external server.
3. Information not collected
The Provider does not collect the following information.
- Local fonts or drag-and-drop font files themselves
- Font file contents or file paths
- Search keywords or history of fonts viewed
- Detailed click logs or operation history
- Continuous collection of web page contents or browsing history, except information explicitly clicked or saved by the user through the Extension
4. Information that may be collected
The Provider may collect the following information only as necessary.
- Information required for Pro license activation and device management
- Information related to purchases, payments, and license issuance
- Email addresses, inquiry details, and environment information submitted through the contact form
- Information necessary for product improvement, quality assurance, fraud prevention, and troubleshooting
Collected information is retained only for as long as necessary to fulfill the intended purpose, and is deleted or anonymized appropriately when no longer needed. Information that must be retained by law will be stored in accordance with applicable laws.
5. Purposes of use
- To provide the App and related services
- To activate Pro licenses, manage devices, and confirm purchase status
- To process billing, payments, and post-purchase communication
- To respond to inquiries, bug reports, and support requests
- To prevent fraud, maintain security, and investigate incidents
- To improve the App, maintain quality, and understand usage trends
- To notify users about updates and important notices
- To make CSS font information obtained by the Extension easier to save, organize, and search inside the App
6. Communication with third-party services
- Stripe: Used for payment processing. Credit card numbers are not stored by the Provider and are handled by Stripe. Stripe's own terms and privacy policy apply.
- Google Fonts: Previewing Google Fonts requires communication with Google's servers. Information necessary for that communication, such as your IP address, may be sent to Google.
- Cloudflare Turnstile: Used to prevent abuse of the contact form. Communication required for verification may be sent to Cloudflare.
- Cloudflare Pages / Supabase: Used to operate the API server, database, and license-related services.
The Extension's save-to-App flow communicates with the local connection endpoint (127.0.0.1) on the same Mac and is not a transfer to an external service.
7. Third-party provision and outsourcing
Except where required by law, necessary to protect life, body, or property, or necessary to outsource operations within the scope of the stated purposes, the Provider will not provide personal information to third parties without the user's consent.
8. Security management
The Provider takes necessary and appropriate security measures, including access control, protected communications, and vendor management, to prevent unauthorized access, loss, destruction, alteration, or leakage of collected information.
If any leakage or similar incident involving personal information occurs, the Provider will confirm the facts and take necessary reporting, notice, and other actions in accordance with applicable laws.
9. Requests for disclosure, correction, deletion, and related rights
Users may request disclosure, correction, addition, deletion, suspension of use, or suspension of third-party provision of their personal information held by the Provider in accordance with applicable law. Please contact us through the contact form if you wish to make such a request.
The Provider will respond within a reasonable scope after verifying the identity of the requester and in accordance with applicable law. Depending on the content of the request, it may not be possible to respond or a fee may apply.
10. Changes to this policy
The Provider may revise this policy when necessary. If there are important changes, notice will be given on the website or by other appropriate means. The revised policy becomes effective when posted on this page.
11. Contact
For inquiries about this policy or requests regarding personal information, please contact us through the contact form.
Last updated: May 9, 2026