Privacy Policy (Datenschutzerklärung)¶
Last updated: April 2026
1. Controller / Verantwortlicher¶
The data controller responsible for the processing described in this policy is:
SmallSoftLoaf Software - Kevin Jung Walkmühlenstraße 28 71397 Leutenbach, Germany E-mail: [hello@getdiffract.com]
As a German Einzelunternehmen (sole trader), SmallSoftLoaf Software - Kevin Jung is the data controller within the meaning of Art. 4(7) GDPR / Art. 4(7) DSGVO.
2. Overview - What Data Diffract Processes¶
Diffract is a desktop application that runs entirely on your local device. It does not connect to the internet during normal use and does not transmit your files, diff results, or usage data to any server controlled by the developer.
| Category | Where stored | Transmitted? |
|---|---|---|
| App settings (theme, language, algorithms, etc.) | Windows Registry / macOS plist (via shared_preferences) |
No |
| License key | Windows Registry / macOS plist (via shared_preferences) |
No |
| Window geometry | Windows Registry / macOS plist (via shared_preferences) |
No |
| Trial start timestamp | Windows Registry / macOS plist + app config directory (filesystem) | No |
| Files you compare | Your local filesystem only | No |
3. Local Application Data¶
3.1 What is stored and why¶
When you use Diffract, the following data is stored locally on your device using the operating system's standard preference storage (Windows Registry under HKCU\Software\diffract / macOS NSUserDefaults):
- App preferences: theme (light/dark), UI language, diff algorithm selection, syntax highlighting toggle, minimap toggle, and similar display settings.
- License key: your activation key, to verify your license on subsequent launches. The key is validated entirely offline; it is never sent to any server.
- Window geometry: window size and position, to restore your layout between sessions.
- Trial start timestamp: a cryptographically signed record of when the evaluation period was first activated, used solely to enforce the 7-day trial limit. This data does not leave your device.
Legal basis: Art. 6(1)(b) GDPR - processing is necessary for the performance of the contract (providing a functioning application).
3.2 How to delete local data¶
You can delete all locally stored preferences and application data by:
- Windows: Delete the registry key
HKCU\Software\diffract(runreg delete HKCU\Software\diffract /fin a command prompt) and delete theDiffractfolder inside%APPDATA%. - macOS: Run
defaults delete com.diffract.appin Terminal, and delete thediffractfolder inside~/Library/Application Support/if present. - Linux: Delete
~/.config/diffract/and~/.local/share/diffract/(or the equivalent XDG directories).
Uninstalling the application may not automatically remove these preferences depending on your operating system.
Trial enforcement data
Deleting all application data as described above will also erase the trial start record. Because this record is necessary to operate the evaluation period, its erasure will affect trial-period verification. If you wish to exercise your right to erasure under Art. 17 GDPR but have questions about how this interacts with an active trial, please contact [hello@getdiffract.com] directly and the matter will be handled on a case-by-case basis.
4. License Key Validation¶
Diffract uses an offline license validation system. Your license key encodes a cryptographic signature that is verified locally against a public key embedded in the application. No network request is made during activation or validation. The developer never receives information about when or how often you activate the software.
5. Purchase and Payment Processing (Paddle)¶
Purchases are made through the Diffract website, not within the desktop application. Payment processing and the associated data collection are handled by Paddle.com Market Limited ("Paddle"), the Merchant of Record. Please refer to the website privacy notice and Paddle's Privacy Policy for details on how your purchase data is processed.
6. Website¶
If the Diffract website uses analytics, cookies, or contact forms, those are governed by a separate cookie/analytics notice published on the website. This section covers the desktop application only.
(If the website is hosted on a platform such as GitHub Pages, Netlify, Vercel, etc., note that platform's data processing here.)
7. Recipients of Personal Data¶
Apart from Paddle (§5), the developer does not share your personal data with third parties. No advertising networks, telemetry services, or analytics SDKs are integrated into the Diffract desktop application.
8. Retention¶
- Local preferences: stored on your device indefinitely until you delete them (see §3.2). The developer has no access to or copy of this data.
- Webhook/purchase records: retained by the developer for the period required by German tax law (§ 147 AO) - currently 10 years from the end of the fiscal year in which the transaction occurred.
9. Your Rights Under GDPR¶
As a data subject, you have the following rights under the GDPR (Articles 15–22):
| Right | Description |
|---|---|
| Access (Art. 15) | Request a copy of the personal data the developer holds about you |
| Rectification (Art. 16) | Request correction of inaccurate data |
| Erasure (Art. 17) | Request deletion of your data ("right to be forgotten"), subject to legal retention obligations |
| Restriction (Art. 18) | Request that processing be restricted in certain circumstances |
| Data portability (Art. 20) | Receive your data in a structured, machine-readable format |
| Objection (Art. 21) | Object to processing based on legitimate interests |
| Lodge a complaint (Art. 77) | File a complaint with a supervisory authority |
To exercise any of these rights, contact: [hello@getdiffract.com]
You also have the right to lodge a complaint with the competent data protection supervisory authority. For German Einzelunternehmer, the relevant authority is the data protection authority of the federal state (Bundesland) in which you are resident. A list of German supervisory authorities is available at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
10. Security¶
All data stored locally uses the security mechanisms provided by the operating system (Windows DPAPI / macOS Keychain at the OS level for Registry/plist data). No data is transmitted over the network by the application itself. License keys are validated using Ed25519 public-key cryptography.
11. Children¶
Diffract is a professional software development tool not directed at children. The developer does not knowingly collect personal data from persons under the age of 16.
12. Changes to This Policy¶
Material changes to this privacy policy will be announced via the Diffract website or release notes. The "Last updated" date at the top of this document reflects the most recent revision. Continued use of Diffract after a change is published constitutes acceptance of the updated policy.