Privacy Policy

Effective date: 21 May 2026
Last updated: 21 May 2026

This Privacy Policy explains how MDX handles personal data in connection with the MDX desktop application (the “App”) and the website at hellomdx.com (the “Website”). MDX is currently operated by its individual developer, not by a registered company. In this policy, “we”, “us”, and “our” mean the individual developer operating MDX.

If you have questions about this policy, contact us at support@hellomdx.com.


Summary (plain English)

  • MDX is a local-first desktop editor. Your documents stay on your computer.
  • We do not run any analytics, telemetry, or tracking inside the App.
  • The App makes network calls for: (a) checking and downloading updates, (b) activating, validating, or deactivating your license key, and (c) calling the AI provider you choose (OpenAI, Anthropic Claude, Google Gemini, xAI Grok, or any OpenAI-compatible endpoint) only if you configure AI features and provide your own API key.
  • Purchases are handled by Paddle as the merchant of record. They process your payment and email address; we never see your full payment details.
  • The Website does not currently use analytics or tracking cookies.

1. Who we are

The person responsible for personal data described here is the individual developer operating MDX.

Contact: support@hellomdx.com

If a law requires us to provide additional contact or representative details, contact us at the email address above.


2. Data the desktop App handles

2.1 Documents and files (stays on your device)

MDX reads, edits, and writes Markdown files in folders (“vaults”) that you choose on your own computer. The contents of your files, the file paths, and the structure of your vault are never transmitted to us.

The App stores settings locally on your device, including editor preferences, recent vault/session information, trial/license status, and any AI endpoint/API key you choose to enter.

2.2 Update checks

The App contacts https://update.hellomdx.com/latest.json to check whether a new version is available, and downloads update bundles when you choose to install an update. These requests are served via Cloudflare R2 / Cloudflare CDN. Requests include your IP address and standard HTTP headers, which Cloudflare may log for security, abuse-prevention, and operational purposes. We do not use these logs to identify individual users.

2.3 License activation and validation

When you enter a license key, the App calls the MDX license API at https://api.hellomdx.com to activate the key on your device, periodically validate it, or deactivate it if you choose. This API is operated by us and runs on Cloudflare Workers, backed by a Cloudflare D1 database that stores your license key, the email address Paddle provided at purchase, the Paddle order/customer identifiers used to issue the key, and one record per activated device (a generated device label such as MDX on macOS (abcd), plus creation and last-validation timestamps). The data sent from the App with each request is your license key and, depending on the call, the device label or the activation identifier returned at activation time. The API returns whether the key is valid, how many activations remain, and a short-lived signed activation token that the App verifies offline so it can keep working without contacting the server on every launch. Requests are served through Cloudflare’s network; Cloudflare may log IP addresses and standard request metadata for security and abuse-prevention purposes.

2.4 Optional AI features (bring your own key)

If you configure AI writing suggestions, the App sends the relevant text needed for a suggestion directly to the AI provider you choose, using your own API key. The App supports OpenAI, Anthropic Claude, Google Gemini, xAI Grok, and any OpenAI-compatible endpoint (for example, a local Ollama or LM Studio server). Requests go from your device to the provider; we do not see, proxy, or store your prompts, completions, endpoint, or API key. Your provider’s own terms and privacy policy apply.

You can disable AI features at any time in Settings.

2.5 Crash and error logs

The App does not currently send crash reports or error logs to us. If we add opt-in crash reporting in the future (e.g. via Sentry), we will update this policy and ask for your consent before enabling it.


3. Data the Website handles

3.1 Website hosting and logs

The Website is hosted on Cloudflare. Cloudflare may process IP addresses, request metadata, and security logs to deliver the Website, prevent abuse, and protect the service. We do not currently use a separate website analytics product.

3.2 Cookies

The Website does not set tracking cookies. Paddle’s checkout pages may set their own cookies as described in their privacy policy.

3.3 Contact email

If you email us at support@hellomdx.com, your email address and message contents are processed by our email provider so we can reply to you.


4. Purchases (handled by Paddle)

Paddle.com Market Limited (“Paddle”) is the merchant of record for all purchases. When you buy MDX:

  • Paddle collects your name, email address, billing address, country (for tax purposes), and payment details.
  • Paddle issues the invoice, charges your payment method, and remits applicable taxes.
  • We may receive order information such as your email, name, country, product purchased, order ID, and license key — not your full card details.

Paddle’s privacy policy: https://www.paddle.com/legal/privacy


5. Legal bases

Where the GDPR or UK GDPR applies, our legal bases are:

  • Contract — to deliver the App, validate your license, and provide updates.
  • Legitimate interests — to keep the service secure, prevent abuse, and improve the App.
  • Consent or your configuration choice — for optional features you explicitly enable, such as AI suggestions.
  • Legal obligation — for tax records and accounting (handled mostly via Paddle as merchant of record).

6. Data retention

  • License and order records: kept for as long as needed to provide the license, support refunds, comply with accounting/tax requirements, and resolve disputes.
  • Local App settings and license data: kept on your device until you delete them or uninstall/reset the App.
  • Update, website, and security logs: retained by Cloudflare according to Cloudflare’s retention practices.
  • Support emails: kept for as long as needed to handle the request and maintain a reasonable support history.

7. Your rights

Depending on your location you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to processing. To exercise these rights, email support@hellomdx.com. EEA/UK users also have the right to lodge a complaint with their local data-protection authority.


8. International transfers

Our providers, including Cloudflare, Paddle, and any AI provider you configure, may process data outside your country, including in the United States. Where required, we rely on contractual or legal safeguards offered by these providers.


9. Children

MDX is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children.


10. Changes

We may update this policy. Material changes will be reflected in the “Last updated” date and, where appropriate, announced inside the App or on the Website.


11. Contact

Email: support@hellomdx.com