Plain-Language Summary (TL;DR)
- Your data stays on your computer. UndoDisk processes all files, drives, and recovery results locally. No user files, file names, file paths, or file contents are ever collected, transmitted, or stored on remote servers.
- Minimal data collection. We only collect: (a) license activation data (license key + one-way hardware fingerprint hash) for license enforcement, and (b) optional anonymous telemetry for product improvement.
- You are in control. Telemetry can be disabled at any time in Settings → Privacy. When disabled, zero data is collected and no network calls are made.
- No data is sold. We do not sell, rent, or share your personal information with third parties for marketing purposes.
- EU/Quebec users: telemetry is off by default. For users in the EU/EEA/UK or Quebec, telemetry requires your explicit opt-in consent.
- Transparent data viewer. Settings → Privacy → View Telemetry Data lets you see exactly what is collected.
- Ontario, Canada law applies. Governed by PIPEDA and compliant with GDPR, CCPA/CPRA, Quebec Law 25, and other applicable frameworks.
1. What We Collect
UndoDisk Technologies (“we,” “us”) is the data controller. Our Privacy Officer can be reached at privacy@undodisk.com.
UndoDisk processes ALL files, drives, and recovery results locally. No user data is ever uploaded.
| Data | Purpose | Required? | Retention |
|---|---|---|---|
| License key + hardware fingerprint hash | License enforcement | Yes | Duration of license + 12 months |
| Email address | License delivery and account identification | Yes | Duration of license + 12 months |
| Crash reports (via Sentry) | Bug fixing and stability | Optional (telemetry) | 90 days |
| Usage analytics | Product improvement | Optional (telemetry) | 12 months |
| Payment data (via LemonSqueezy) | Payment processing | Yes (if purchasing) | Per LemonSqueezy’s policy |
The hardware fingerprint is a one-way hash — raw hardware identifiers are never stored or transmitted. Under GDPR, this hash constitutes personal data when linked with license records.
We never collect: file names, file paths, file contents, drive serial numbers, scan results, recovery results, or any personally identifiable information in telemetry. This is enforced by compile-time exclusion.
2. Telemetry Controls
Telemetry can be toggled at any time in Settings → Privacy. When disabled, zero data is collected and zero network calls are made. For EU/EEA/UK and Quebec users, telemetry is OFF by default and requires explicit opt-in. If your operating system’s Do Not Track setting is enabled, telemetry defaults to OFF regardless of jurisdiction.
Settings → Privacy → View Telemetry Data lets you inspect exactly what is collected before it is sent.
For the complete list of every telemetry event UndoDisk emits, including field types, PII guardrails, opt-out instructions, and schema versioning, see the Telemetry Catalog.
3. Third-Party Processors
| Processor | Purpose | Location |
|---|---|---|
| LemonSqueezy | Payment processing (Merchant of Record) | US |
| Sentry | Crash reports (optional) | US |
Your data may be processed by these providers in the locations listed above.
4. Your Rights
Regardless of where you live, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data (erasure may degrade a paid license to Free tier after the offline grace period)
- Opt out of telemetry at any time
- Data portability — receive your data in machine-readable format
- Object to processing based on legitimate interest
- Lodge a complaint with your local data protection authority
- Non-discrimination — exercising your rights will never affect your service
To exercise any right: email privacy@undodisk.com with your name, associated email, and the right you are exercising. Requests are acknowledged within 5 business days and fulfilled within 30 days (45 days for California).
EU/EEA/UK users may also contact their local Data Protection Authority. California users: we do not sell or share personal information as defined by the CCPA/CPRA.
Consumer-rights savings clause: Nothing in this Policy limits any rights you may have under applicable consumer protection laws, including the Ontario Consumer Protection Act, 2002.
5. Data Security
We protect your data with HTTPS for all network communications, encryption at rest (DPAPI on Windows), one-way SHA-256 hashing for hardware fingerprints, PII scrubbing on all telemetry before transmission, and access controls on all backend systems. All security safeguards are proportional to the sensitivity of the data.
6. Children’s Privacy
UndoDisk is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided data to us, contact privacy@undodisk.com and we will promptly delete it.
7. Cookies
The UndoDisk desktop application does not use cookies or browser-based tracking. The UndoDisk website uses essential cookies only.
8. Breach Notification
If we become aware of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by law (within 72 hours where mandated by GDPR, Quebec Law 25, or UK GDPR). Notifications will be sent via email, in-app banner, and website notice.
9. Changes to This Policy
We may update this Policy from time to time. Material changes (affecting data collection scope, sharing, or your rights) will be announced in-app and on our website. Changes that expand data collection require your affirmative re-acceptance.
10. Contact
Privacy Officer: privacy@undodisk.com General Support: support@undodisk.com Legal Inquiries: legal@undodisk.com Security Reports: security@undodisk.com Website: https://undodisk.com
Mailing Address: UndoDisk Technologies Ontario, Canada
© 2026 UndoDisk Technologies. All rights reserved.
This Privacy Policy was last updated on April 26, 2026.