Privacy Policy
Effective date: [EFFECTIVE_DATE, e.g. 1 June 2026] Last updated: [LAST_UPDATED]
This Privacy Policy explains how [YOUR_LEGAL_NAME OR TRADING NAME] (“we”, “us”, “our”) handles personal data in connection with the MDX desktop application (“MDX”, the “App”) and the website at hellomdx.com (the “Website”).
If you have questions about this policy, contact us at support@hellomdx.com.
Summary (plain English)
- MDX is a local-first desktop editor. Your documents stay on your computer.
- We do not run any analytics, telemetry, or tracking inside the App.
- The App makes network calls only for: (a) checking and downloading updates, (b) validating your license key, and (c) calling OpenAI’s API only if you enable AI features and provide your own API key.
- Purchases are handled by Lemon Squeezy as the merchant of record. They process your payment and email address; we never see your full payment details.
- The Website may use privacy-friendly analytics without cookies.
1. Who we are
The “data controller” for personal data described here is:
[YOUR_LEGAL_NAME] [YOUR_BUSINESS_ADDRESS, including country] Email: support@hellomdx.com
If you are in the European Economic Area or the United Kingdom and we are required to designate a representative, please contact us at the address above.
2. Data the desktop App handles
2.1 Documents and files (stays on your device)
MDX reads, edits, and writes Markdown files in folders (“vaults”) that you choose on your own computer. The contents of your files, the file paths, and the structure of your vault are never transmitted to us.
2.2 Update checks
The App periodically contacts https://update.hellomdx.com/latest.json to check whether a new version is available, and downloads update bundles when you confirm. These requests are served via Cloudflare R2 / Cloudflare CDN. The request includes your IP address and standard HTTP headers (e.g. user-agent, app version), which Cloudflare may log for abuse-prevention and operational purposes. We do not associate these logs with your identity.
2.3 License activation and validation
When you enter a license key, the App calls Lemon Squeezy’s license API (api.lemonsqueezy.com) to activate the key on your device and to periodically validate it. The data sent includes your license key and a device label (machine name or a generated identifier). Lemon Squeezy returns whether the key is valid and how many activations remain. See Lemon Squeezy’s privacy policy at https://www.lemonsqueezy.com/privacy.
2.4 Optional AI features (bring your own key)
If you enable AI suggestions, the App sends the relevant portion of the document you are editing to OpenAI’s API using your own OpenAI API key, which is stored locally on your device. We do not see, proxy, or store your prompts, completions, or API key. OpenAI’s handling of this data is governed by https://openai.com/policies/privacy-policy.
You can disable AI features at any time in Settings.
2.5 Crash and error logs
The App does not currently send crash reports or error logs to us. If we add opt-in crash reporting in the future (e.g. via Sentry), we will update this policy and ask for your consent before enabling it.
3. Data the Website handles
3.1 Privacy-friendly analytics
The Website uses [PRIVACY_ANALYTICS_PROVIDER, e.g. Cloudflare Web Analytics or Plausible], which collects aggregated, anonymous statistics (pages visited, country, device type) without using cookies and without tracking individual users across sites.
3.2 Cookies
The Website does not set tracking cookies. Lemon Squeezy’s checkout pages may set their own cookies as described in their privacy policy.
3.3 Contact email
If you email us at support@hellomdx.com, your email address and message contents are processed by our email provider, [EMAIL_PROVIDER, e.g. Cloudflare Email Routing + Fastmail], so we can reply to you.
4. Purchases (handled by Lemon Squeezy)
Lemon Squeezy is the merchant of record for all purchases. When you buy MDX:
- Lemon Squeezy collects your name, email address, billing address, country (for tax purposes), and payment details.
- Lemon Squeezy issues the invoice, charges your payment method, and remits applicable taxes.
- We receive the order’s email, name, country, and license key — not your full card details.
Lemon Squeezy’s privacy policy: https://www.lemonsqueezy.com/privacy
5. Legal bases (EEA / UK users)
Where the GDPR or UK GDPR applies, our legal bases are:
- Contract — to deliver the App, validate your license, and provide updates.
- Legitimate interests — to keep the service secure, prevent abuse, and improve the App.
- Consent — for any optional analytics or features you explicitly enable.
- Legal obligation — for tax records and accounting (handled mostly via Lemon Squeezy).
6. Data retention
- License records (email, license key, activations): kept for as long as your license is active and for [RETENTION_PERIOD, e.g. 7 years] afterwards for accounting and refund purposes.
- Update server logs: retained by Cloudflare per their default retention windows.
- Support emails: kept for as long as needed to handle the request, then archived.
7. Your rights
Depending on your location you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to processing. To exercise these rights, email support@hellomdx.com. EEA/UK users also have the right to lodge a complaint with their local data-protection authority.
8. International transfers
Our infrastructure providers (Cloudflare, Lemon Squeezy, OpenAI) may process data outside your country, including in the United States. Where required, we rely on standard contractual clauses or equivalent safeguards offered by these providers.
9. Children
MDX is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children.
10. Changes
We may update this policy. Material changes will be reflected in the “Last updated” date and, where appropriate, announced inside the App or on the Website.
11. Contact
Email: support@hellomdx.com Postal: [YOUR_BUSINESS_ADDRESS]