Masayuki Kobayashi (the “Provider”) sets out this Privacy Policy regarding the handling of personal information in the macOS application “stac” (the “App”).

1. Basic policy

stac is a Mac app for finding, previewing, and organizing fonts. Data needed for font selection is handled on your Mac whenever possible, and the information obtained by the Provider is limited to what is necessary to provide the App, manage purchases and licenses, and respond to support requests.

2. Data stored on your Mac

User data such as font settings, favorites, tags, ratings, notes, and preview text is generally stored on your Mac.

Dropped fonts are treated as temporary preview data on the Free plan and may be stored inside the App on the Pro plan. In either case, local fonts and dropped font files themselves are not uploaded to the Provider’s servers.

3. Information we do not collect

The Provider does not collect the following information.

• Local fonts and dropped font files themselves
• Font file contents or file paths
• Search keywords or viewing history of fonts
• Detailed click logs or operation history

4. Information that may be collected

The Provider may collect the following information only as necessary.

• Information required for Pro license activation and device management
• Information related to purchases, payments, and license issuance
• Email addresses, inquiry details, and environment information submitted through the contact form
• Information necessary for product improvement, quality assurance, fraud prevention, and troubleshooting

Collected information is retained only for as long as necessary to fulfill the intended purpose, and is deleted or anonymized appropriately when no longer needed. Information that must be retained by law will be stored in accordance with applicable laws.

5. Purposes of use

• To provide the App and related services
• To activate Pro licenses, manage devices, and confirm purchase status
• To process billing, payments, and post-purchase communication
• To respond to inquiries, bug reports, and support requests
• To prevent fraud, maintain security, and investigate incidents
• To improve the App, maintain quality, and understand usage trends
• To notify users about updates and important notices

6. Communication with third-party services

• Stripe: Used for payment processing. Credit card numbers are not stored by the Provider and are handled by Stripe. Stripe’s own terms and privacy policy apply.
• Google Fonts: Previewing Google Fonts requires communication with Google’s servers. Information necessary for that communication, such as your IP address, may be sent to Google.
• Cloudflare Turnstile: Used to prevent abuse of the contact form. Communication required for verification may be sent to Cloudflare.
• Vercel / Supabase: Used to operate the API server, database, and license-related services.

7. Third-party provision and outsourcing

Except where required by law, necessary to protect life, body, or property, or necessary to outsource operations within the scope of the stated purposes, the Provider will not provide personal information to third parties without the user’s consent.

8. Security management

The Provider takes necessary and appropriate security measures, including access control, protected communications, and vendor management, to prevent unauthorized access, loss, destruction, alteration, or leakage of collected information.

If any leakage or similar incident involving personal information occurs, the Provider will confirm the facts and take necessary reporting, notice, and other actions in accordance with applicable laws.

9. Requests for disclosure, correction, deletion, and related rights

Users may request disclosure, correction, addition, deletion, suspension of use, or suspension of third-party provision of their personal information held by the Provider in accordance with applicable law. Please contact us through the contact form if you wish to make such a request.

The Provider will respond within a reasonable scope after verifying the identity of the requester and in accordance with applicable law. Depending on the content of the request, it may not be possible to respond or a fee may apply.

10. Changes to this policy

The Provider may revise this policy when necessary. If there are important changes, notice will be given on the website or by other appropriate means. The revised policy becomes effective when posted on this page.

11. Contact

For inquiries about this policy or requests regarding personal information, please contact us through the contact form.

Last updated: May 1, 2026