Legal
Privacy Policy
Last updated: 9 July 2026
Freya is a desktop application published by the individual developer behind Freya (“we”, “us”, or “the Vendor”). This Privacy Policy explains what personal data we process when you use the Freya desktop application (the “App”) and the related website at freya.falcighol.dev (the “Site”), and what rights you have over that data. We have written this policy to be readable, not to be padded with boilerplate.
Short version
- The App runs entirely on your device. There is no Freya server that stores your data.
- No analytics, no telemetry, no tracking. The App does not phone home with usage data.
- Your plans, configs, history, and GitHub token live in a JSON file on your machine. We never see them.
- The only network calls the App makes are: (a) directly to
api.github.comusing your token, (b) for Pro users, a lightweight license-validity check to a Vendor-operated endpoint, (c) auto-update checks against the Freya releases bucket, and (d) if you opt into the optional Cloud Sync feature, requests directly to the storage destination you choose (Google Drive, iCloud, or a folder you pick). - Cloud Sync is off by default and available only to Pro users who explicitly turn it on. When enabled, a portable subset of your settings, plans, and workflow configs is written directly to a destination you choose — we never see or hold a copy of it ourselves. See Section 3.
- If you buy a Pro license, Paddle processes the payment. Paddle is the Merchant of Record and is the data controller for billing data. We receive only your email address and a license activation record.
1. Data the App stores on your device
The App keeps its state in a local JSON file under your operating system’s user-data directory:
- macOS:
~/Library/Application Support/Freya/ - Windows:
%APPDATA%\Freya\ - Linux:
~/.config/Freya/
That file contains the plans and saved configurations you create, your local run history, your preferences, your GitHub Personal Access Token (“PAT”), and — for Pro users — your license key. This file never leaves your machine unless you choose to back it up, share it, use the App’s import/export feature, or enable the optional Cloud Sync feature described in Section 3.
2. Data the App transmits
The App makes a small, fixed set of network requests during core (non-sync) use. Each is described below.
| Destination | When | What is sent |
|---|---|---|
api.github.com | Whenever you list repos, list workflows, dispatch a workflow, stream logs, approve a deployment, etc. | Your PAT (as a bearer token) and the request payload you initiated. Sent directly from your device to GitHub — never proxied through us. |
| Freya license endpoint (Pro only) | On Pro feature use and periodic background checks. | Your license key and a device identifier, for the sole purpose of returning whether the license is currently valid. |
Freya releases (releases-freya.falcighol.dev) | Auto-update check on launch and periodically thereafter. | A standard HTTP request with your IP address and the App’s version string. No license key or PAT is included. |
The App does not load remote scripts, fonts, or other third-party assets at runtime. There is no advertising network and no analytics SDK. If you enable the optional Cloud Sync feature, additional requests are made directly to the destination you choose — see Section 3 for what those involve.
3. Cloud Sync (optional, Pro feature)
Pro users can optionally turn on Cloud Sync to keep the App’s plans and settings in step across multiple devices. Cloud Sync is off by default and only runs if you explicitly enable it in Settings. You choose one of three destinations:
- A folder you pick — any local directory, including one already synced by a service like Dropbox or OneDrive. That service’s own privacy practices govern data once it leaves your device through it; we have no relationship with it.
- iCloud Drive (macOS only) — a
Freyafolder inside your iCloud Drive, governed by Apple’s iCloud terms. - Google Drive — connected via Google’s OAuth “installed app” flow, requesting only the
drive.appdataanduserinfo.emailscopes.drive.appdatagrants access solely to a hidden, per-app folder that never appears in your regular Drive — the App cannot see, list, or modify any other file in your Drive.userinfo.emailis used only to display which Google account is connected.
For the folder and iCloud options, sync happens over the filesystem — the App makes no direct network request itself beyond whatever the storage provider does on your device (e.g. Dropbox uploading the changed file). For Google Drive, the App talks directly to Google’s OAuth and Drive REST APIs from your device; the Vendor operates no server in this path and never receives a copy of the synced data or your Google credentials.
When Cloud Sync is on, the following syncs to your chosen destination: your portable app settings (theme, locale, notification preferences, and similar), your saved workflow configs, your execution plans (their definitions only — not live run status), your watched-repo lists, and your saved views. The following never sync, regardless of provider: your GitHub token and session, your Freya license key, your device identifier, repo-graph caches, workflow run history, and Quick Run state.
Google’s OAuth refresh token is stored encrypted on your device using the same secure-storage mechanism as your GitHub token (Section 1) and is never transmitted to the Vendor. You can disconnect Google Drive, or turn off Cloud Sync entirely, at any time from Settings; disconnecting revokes the App’s access to your Google account. Google’s own handling of data you sync to Drive is governed by Google’s Privacy Policy.
4. Data Paddle processes on our behalf
When you purchase a Pro license, the checkout is hosted and processed by Paddle.com Market Limited (“Paddle”), which acts as the Merchant of Record. Paddle is the controller for the personal data submitted during checkout (name, billing address, payment details, IP address, country for VAT/GST purposes, etc.) and operates under its own privacy notice. See Paddle’s Privacy Policy and Buyer Terms.
Paddle shares with us only the limited information we need to issue and support your license: your email address, your purchase date, and a transaction identifier. We use that information to email your license key, to look up your purchase if you contact us for support, and to verify or revoke licenses where appropriate (for example, after a refund).
5. The Site
The Site is a static page hosted on Cloudflare Pages. Cloudflare may log standard request metadata (IP address, user-agent, referrer, time of access) for security and operational purposes; see Cloudflare’s privacy policy. The Site does not use cookies, analytics, advertising trackers, or any other client-side telemetry. Styles and fonts are served from the Site itself. The landing page loads a small animation library from jsDelivr, and the pricing page loads Paddle’s checkout script from cdn.paddle.com when you start a purchase; those requests are made by your browser directly to those providers and are governed by their privacy practices.
6. Cookies
The App is a desktop application and does not use cookies in the web-browser sense. The Site does not set any cookies.
7. Children
Freya is a developer tool intended for professional use. It is not directed to children, and we do not knowingly collect data from children under the age of 16.
8. Data retention
We retain license-issuance records (email, license key, purchase date) for as long as your license is active and for a reasonable period thereafter to meet tax and accounting obligations and to honor refunds and reactivation requests. Paddle retains transaction records under its own retention policy. You can request deletion of your license record at any time (see Section 10); doing so will deactivate the license. Data you sync via the optional Cloud Sync feature is retained only at the destination you chose (your Google Drive, iCloud, or folder) until you delete it there or disable sync — we hold no copy of it.
9. Legal basis (GDPR / UK GDPR)
Where the GDPR or UK GDPR applies, our legal bases for processing the limited data described above are:
- Performance of a contract — to issue, validate, and support your Pro license.
- Consent — for the optional Cloud Sync feature, which you must explicitly enable and may withdraw at any time by disabling it.
- Legitimate interests — to detect and prevent license-key abuse, to deliver software updates, and to provide support when you contact us.
- Legal obligation — to retain limited records for tax and accounting purposes.
10. Your rights
Depending on where you live, you may have the right to access, correct, delete, or port your personal data, to object to or restrict its processing, and to lodge a complaint with a supervisory authority. To exercise any of these rights with respect to data we hold (i.e., license issuance records), email us at [email protected] or contact Paddle for billing-data requests. For data stored only on your own device, you can exercise all of these rights yourself by editing or deleting the local JSON file described in Section 1. For data synced via the optional Cloud Sync feature, you can access, export, or delete it at any time at the destination you chose (your Google Drive, iCloud, or folder), or stop future syncing by disabling Cloud Sync in the App.
11. International transfers
Paddle operates internationally and may transfer billing data across jurisdictions under appropriate safeguards described in its own privacy policy. The Vendor stores license-issuance records on infrastructure that may be located outside your country of residence; where required, transfers rely on Standard Contractual Clauses or equivalent mechanisms. If you enable Google Drive as your Cloud Sync destination, Google may store and process that data on its own international infrastructure under Google’s privacy policy; the Vendor is not a party to that processing.
12. Changes to this policy
If we change this Privacy Policy, we will update the “Last updated” date above and, for material changes affecting existing users, give reasonable notice through the App or the Site.
13. Contact
For privacy questions or data-rights requests concerning data we hold, email us at [email protected]. For billing data held by Paddle, contact Paddle’s buyer support via paddle.net.