Privacy

Your data stays yours.

Last updated: 26 June 2026

This is the website for Theodore HQ, a small studio making Mac apps. The site is built to be quiet: it sets no cookies, serves its own fonts and graphics, and uses analytics that cannot identify you. This policy explains exactly what the site touches, what happens when you buy one of our apps, and your rights under the UK GDPR.

The short version

Who is the data controller?

The data controller for any personal data we hold about you is:

TJH/CO LIMITED (trading as THEODORE HQ)

A company registered in England and Wales

Company number: 16589593

Registered office: Fairway House, Links Business, Fortran Rd, St. Mellons, Cardiff, CF3 0LT, United Kingdom

Email: support@theodorehq.com

We are not required to appoint a Data Protection Officer. For any data protection query, contact us at the email above.

What this website stores in your browser

Just one small functional item, and no cookies. When you first visit, we save a single flag, theodore-visited, in your browser's local storage. Its only job is to remember that you have been here before, so we can skip the opening animation on return visits. It holds no personal information, it is never sent anywhere, and it is not used to track you across other websites.

If your device is set to dark mode, the site follows that automatically; we do not store a separate preference for it. You can clear theodore-visited at any time by clearing this site's data in your browser, or by using any standard content blocker. Storing this flag is covered by the "appearance" exception in the ICO's storage and access rules (PECR, as updated by the Data (Use and Access) Act 2025), because its only purpose is to adapt how the site appears to a returning visitor. You do not need to consent, and you can object at any time using either method just described.

Website analytics (Umami)

To understand which pages people find useful, this website uses Umami, a privacy-friendly analytics tool we self-host on our own server at analytics.theodorehq.com.

Umami records aggregate, non-identifying information: the page URL, page title and referrer, the country your visit came from (derived from your IP address, which is then immediately discarded and never stored), and your browser, operating system, device type and screen size. It sets no cookies, does not fingerprint your device, does not follow you across other websites, and shares nothing with any third party. We cannot identify you from it.

Under the ICO's storage and access rules (PECR, as updated by the Data (Use and Access) Act 2025) this is covered by the "statistical purposes" exception, so no consent banner is needed, but you have a simple, free way to opt out (below). For the brief processing of your IP address to derive a country, our lawful basis under the UK GDPR is legitimate interests (Art 6(1)(f)) in understanding aggregate traffic without identifying individual visitors. Retention: aggregate figures indefinitely; raw event records for twelve months.

How to opt out. Use the button below to switch analytics off on this site. It sets a flag in your own browser that Umami treats as a permanent opt-out for this domain. Any standard content blocker (uBlock Origin, Ghostery, Brave's shields) also blocks it automatically.

Buying one of our apps

You can buy our apps from links on this site. The purchase itself happens on Polar.sh, which is our payment and licensing provider and the Merchant of Record (the legal seller). As the seller, Polar collects your email, country and payment details at its own checkout and acts as a separate (independent) data controller for that data under its own terms (its payment processor is Stripe); for any data it handles on our behalf it acts as our processor. We never receive your card details. See Polar's data-processing agreement and privacy policy.

After a sale, we receive your purchase email from Polar so we can deliver and verify your licence. (UK GDPR Article 14: this tells you where we obtained your data when it does not come directly from you.) Each app also has its own privacy policy covering what that app does on your Mac.

What personal data we hold, and on what basis

The law requires us to name a lawful basis under Article 6 of the UK GDPR for each category.

Your purchase email and licence record

Held so we can deliver and verify your licence. We receive your email from Polar, the Merchant of Record.

Lawful basis: contractual necessity (Art 6(1)(b)).

Newsletter subscription (the same email)

Used to send occasional product updates. You opt in at checkout via an unticked box (never pre-ticked), and every email has a one-click unsubscribe.

Lawful basis: consent (Art 6(1)(a)).

Licence-activation logs

Timestamp, country and the IP address of an activation, kept to detect fraud and licence abuse. Held by Polar.

Lawful basis: legitimate interests (Art 6(1)(f)).

Support emails

If you email us, we keep the message and our reply so we can help and follow up.

Lawful basis: legitimate interests (Art 6(1)(f)).

How long we keep it

Who handles your data, and international transfers

We keep suppliers to a minimum. Where one is based outside the UK, an approved UK transfer safeguard is in place:

You can ask us for more detail on any of these safeguards at support@theodorehq.com.

Your rights under UK GDPR

AccessAsk for a copy of the data we hold (Art 15).
RectificationCorrect anything inaccurate (Art 16).
ErasureAsk us to delete your data, subject to the HMRC retention above (Art 17).
RestrictionPause our processing while a dispute is resolved (Art 18).
PortabilityReceive your data in a structured, common format (Art 20).
ObjectObject to processing based on legitimate interests, including marketing (Art 21).
Withdraw consentUnsubscribe from the newsletter at any time (Art 7(3)).
No automated decisionsWe make no automated decisions about you (Art 22).

To exercise any of these, email support@theodorehq.com. We respond within thirty days, free of charge.

Complaints

If you are unhappy with how we have handled your personal data, please tell us first so we can put it right. You can complain to us by email at support@theodorehq.com. We will acknowledge your complaint within 30 days, investigate it, and tell you the outcome. We provide this complaints route under section 164A of the Data Protection Act 2018 (added by the Data (Use and Access) Act 2025).

You also have the right to complain to the UK Information Commissioner's Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Helpline: 0303 123 1113. ico.org.uk/make-a-complaint. You can contact the ICO at any time, though we would appreciate the chance to resolve things for you first.

Children

Our apps and this website are general-purpose tools and are not directed at children under 13 (the UK age of digital consent under section 9 of the Data Protection Act 2018). We do not knowingly collect any personal data from anyone under 13. If you believe we hold such data in error, email us and we will delete it promptly.

Changes to this policy

If we change this policy we will update the date at the top, and email anyone on the customer list a plain-English summary of what changed at least fourteen days before it takes effect. We will not start collecting more from existing users without telling you.

Contact

For any questions or concerns, email support@theodorehq.com. Every message is read by a person on our team.


Each app we make has its own privacy policy covering what that app does on your Mac. You will find it linked from that app's page.