PRIVACY POLICY Last Updated: January 12, 2026 INTRODUCTION Gammal Software, Inc. ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website metadock.app (the "Website") and use the MetaDock desktop application (the "Application" or "Software"). This Privacy Policy applies to: - The metadock.app website and all subdomains - The MetaDock desktop application for Windows - Any related services, communications, or interactions with our Company Please read this Privacy Policy carefully. By using our Website or Application, you acknowledge that you have read and understood this Privacy Policy and consent to our collection, use, and disclosure of your personal information as described herein. If you do not agree with the terms of this Privacy Policy, please do not access the Website or use the Application. TABLE OF CONTENTS 1. Information We Collect 2. How We Collect Information 3. How We Use Your Information 4. How We Share Your Information 5. Third-Party Service Providers 6. Cookies and Tracking Technologies 7. Data Retention 8. Data Security 9. Your Privacy Rights 10. Children's Privacy 11. International Data Transfers 12. Third-Party Websites and Services 13. Microsoft WebView2 Privacy Disclosure 14. Changes to This Privacy Policy 15. Contact Us 16. Privacy Rights for Specific Jurisdictions - Canada (PIPEDA) - European Union (GDPR) - California (CCPA) 1. INFORMATION WE COLLECT We collect several types of information from and about users of our Website and Application. 1.1 Personal Information You Provide to Us a) Email Address - When you subscribe to our mailing list - When you contact us for support, sales inquiries, or other communications - When you create an account or subscribe to our services b) Contact Information - Name (optional, when provided in contact forms) - Any other information you choose to provide in communications with us c) Payment Information - Payment information is collected and processed by Stripe, our third-party payment processor - We do NOT store credit card numbers, CVV codes, or full payment details on our servers - We only store Stripe-generated identifiers on our servers including: * stripe_customer_id * stripe_subscription_id * stripe_payment_intent - These identifiers are linked to your license serial number - Note: Email addresses collected for mailing lists and accounts are stored separately from payment data 1.2 Information Automatically Collected a) Website Analytics Data (via Vercel Analytics) - Pages viewed and time spent on pages - Referral source (how you found our website) - Device type and browser information - Operating system - General geographic location (country/region level, not precise location) - IP address (anonymized) - Date and time of access b) Application License Data - Hardware ID (hashed/anonymized) - License key/serial number - License activation status - Note: We do NOT collect your email address through the Application itself 1.3 Information We Do NOT Collect We want to be transparent about what we do NOT collect: a) Through the Website: - We do not collect precise geolocation data - We do not collect biometric data - We do not collect sensitive personal information (health data, financial account numbers, etc.) b) Through the Application: - We do not collect or access your browsing history - We do not collect or access websites you visit using MetaDock - We do not collect or access bookmarks, passwords, or form data - We do not collect or access wallet addresses, private keys, or cryptocurrency information - We do not collect or access your workspace configurations or browser profile data - We do not monitor or track your activity within the Application - Your workspace data, browser profiles, and all user data remain LOCAL on your device 2. HOW WE COLLECT INFORMATION 2.1 Information You Provide Directly - When you fill out contact forms on our Website - When you subscribe to our mailing list - When you email us at support@metadock.app, sales@metadock.app, or other company emails - When you purchase a subscription 2.2 Automated Collection Technologies - Cookies and similar tracking technologies on our Website (see Section 6) - Vercel Analytics integrated into our Website - License verification system in the Application 2.3 Third-Party Sources - Stripe provides us with payment confirmation and subscription status (no full payment details) - We do not purchase or obtain personal information from data brokers or other third parties 3. HOW WE USE YOUR INFORMATION We use the information we collect for the following purposes: 3.1 To Provide and Maintain Our Services - Process and fulfill your subscription orders - Verify your license and prevent unauthorized use - Provide customer support and respond to your inquiries - Send transactional emails (order confirmations, receipts, license keys, password resets, service announcements) 3.2 To Improve Our Services - Analyze website usage to improve user experience - Identify and fix bugs, errors, or performance issues - Develop new features and functionality - Understand how users interact with our Website and Application 3.3 To Communicate With You - Send you marketing emails about MetaDock products, updates, and promotions (only if you opt-in) - Send you newsletters (only if you subscribe to our mailing list) - Respond to your comments, questions, and support requests - Send important service updates or changes to our terms Note: Marketing emails are optional and separate from transactional emails. You can opt-out of marketing emails at any time (see Section 9). 3.4 For Legal and Security Purposes - Comply with legal obligations and respond to lawful requests from authorities - Enforce our Terms and Conditions and other agreements - Protect against fraud, abuse, and security threats - Protect our rights, property, and safety, and that of our users and others 3.5 For Business Operations - Maintain business records and accounting - Manage subscriptions and billing - Conduct internal research and analytics 4. HOW WE SHARE YOUR INFORMATION We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances: 4.1 With Service Providers We share your information with trusted third-party service providers who assist us in operating our business: a) Stripe (Payment Processing) - Processes subscription payments securely - Subject to Stripe's Privacy Policy: https://stripe.com/privacy - Stripe is PCI-DSS compliant b) Mailchimp (Email Service Provider) - Manages our mailing list and sends newsletters - Subject to Mailchimp's Privacy Policy: https://www.intuit.com/privacy/statement/ - You can unsubscribe from our mailing list at any time c) Vercel (Website Hosting and Analytics) - Hosts our website and provides anonymized analytics - Subject to Vercel's Privacy Policy: https://vercel.com/legal/privacy-policy d) Microsoft (WebView2 Runtime) - The MetaDock Application uses Microsoft Edge WebView2 as its browser engine - WebView2 may send diagnostic and usage data to Microsoft - See Section 13 for detailed disclosure All service providers are contractually obligated to protect your information and use it only for the purposes we specify. 4.2 For Legal Reasons We may disclose your information if required to do so by law or in response to: - Court orders, subpoenas, or other legal processes - Requests from government authorities or law enforcement - Legal claims or disputes - Situations involving potential threats to safety or security 4.3 Business Transfers If Gammal Software, Inc. is involved in a merger, acquisition, asset sale, bankruptcy, or similar transaction, your information may be transferred to the acquiring entity. We will notify you of any such change via email and/or a prominent notice on our Website. 4.4 With Your Consent We may share your information for any other purpose with your explicit consent. 5. THIRD-PARTY SERVICE PROVIDERS We use the following third-party services: 5.1 Stripe (Payment Processing) - Purpose: Process subscription payments - Data Shared: Email, name, payment information - Privacy Policy: https://stripe.com/privacy - Location: United States (with global infrastructure) 5.2 Mailchimp (Email Marketing) - Purpose: Manage mailing list and send newsletters - Data Shared: Email address, name (if provided), subscription preferences - Privacy Policy: https://www.intuit.com/privacy/statement/ - Location: United States - Note: You can unsubscribe at any time via the link in any email 5.3 Vercel (Hosting and Analytics) - Purpose: Website hosting and anonymized analytics - Data Shared: Anonymized usage data, IP addresses (anonymized) - Privacy Policy: https://vercel.com/legal/privacy-policy - Location: Primarily Canada and United States 5.4 Microsoft (WebView2 Runtime) - Purpose: Browser engine for MetaDock Application - Data Shared: Diagnostic and performance data (controlled by Microsoft) - Privacy Policy: https://privacy.microsoft.com - Location: Global Microsoft infrastructure - See Section 13 for detailed disclosure These third parties have their own privacy policies governing their use of your information. We encourage you to review their policies. 6. COOKIES AND TRACKING TECHNOLOGIES 6.1 What Are Cookies? Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work more efficiently and provide information to website owners. 6.2 Cookies We Use Our Website uses the following types of cookies: a) Essential Cookies - Required for the Website to function properly - Enable core functionality like security and accessibility - Cannot be disabled without affecting Website functionality b) Analytics Cookies (Vercel Analytics) - Collect anonymized information about how visitors use our Website - Help us improve the Website and user experience - Do not identify you personally 6.3 Third-Party Cookies Third-party services (like Vercel Analytics) may set their own cookies on your device when you visit our Website. We do not control these cookies. 6.4 Cookie Management You can control cookies through your browser settings: - Most browsers allow you to refuse cookies or delete cookies - Browser help sections provide instructions on managing cookies - Note: Disabling cookies may affect Website functionality For more information about cookies, visit: https://www.allaboutcookies.org 6.5 Do Not Track Signals Some browsers include a "Do Not Track" (DNT) feature. Our Website does not currently respond to DNT signals because there is no industry standard for how to respond to them. 7. DATA RETENTION 7.1 How Long We Keep Your Information We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. a) Active Accounts - We retain your information while your account or subscription is active b) Inactive Accounts and Historical Records - After account closure or subscription termination, we retain your information for seven (7) years to comply with tax, accounting, and legal obligations - This includes license keys, subscription history, and transaction records required for financial audits and tax compliance - After the 7-year retention period, personal information is deleted unless we have a legal obligation to retain it longer c) Mailing List - We retain your email address until you unsubscribe from our mailing list - Upon unsubscribe, your email is removed within 30 days d) Support Communications - We retain support emails and communications for three (3) years for customer service improvement and dispute resolution purposes - After 3 years, support communications are deleted unless needed for ongoing legal matters 7.2 Legal and Regulatory Retention We may be required to retain certain information for legal, tax, accounting, or regulatory purposes, including: - Financial transaction records (typically 7+ years) - License and subscription records - Records necessary to comply with tax laws and audits 7.3 Data Deletion Even after you request deletion of your personal information (see Section 9), we may retain certain information as permitted or required by law, including: - Information necessary to resolve disputes or enforce our agreements - Information required for legal, tax, or regulatory compliance - Anonymized or aggregated data that does not identify you 8. DATA SECURITY 8.1 Security Measures We implement reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. Security measures include: - Encryption of data in transit (HTTPS/TLS) - Secure storage of data with access controls - API key protection for accessing sensitive data - Regular security assessments and updates - Use of reputable third-party service providers with strong security practices 8.2 Third-Party Security Payment information is handled exclusively by Stripe, a PCI-DSS Level 1 certified payment processor. We never have access to your full credit card details. 8.3 No Absolute Security While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. 8.4 Your Responsibility You are responsible for: - Maintaining the confidentiality of your account credentials - Notifying us immediately of any unauthorized access to your account - Using strong, unique passwords 8.5 Breach Notification In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. 9. YOUR PRIVACY RIGHTS You have certain rights regarding your personal information, depending on your location. 9.1 Rights Available to All Users a) Access - You can request a copy of the personal information we hold about you b) Correction - You can request that we correct inaccurate or incomplete information c) Deletion - You can request deletion of your personal information, subject to legal and regulatory exceptions (see Section 7.2) d) Opt-Out of Marketing - You can unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email or contacting privacy@metadock.app - Note: You will still receive transactional emails (receipts, license information, critical service updates) e) Object to Processing - You can object to certain uses of your personal information f) Data Portability - You can request a copy of your information in a structured, commonly used format 9.2 How to Exercise Your Rights To exercise any of these rights, please contact us at: Email: privacy@metadock.app Subject: Privacy Rights Request Please include: - Your full name and email address - A description of your request - Any relevant account or license information We will respond to your request within 30 days (or as required by applicable law). 9.3 Verification For security purposes, we may need to verify your identity before processing your request. This may involve asking for additional information or documentation. 9.4 No Discrimination We will not discriminate against you for exercising your privacy rights. 9.5 Additional Rights by Jurisdiction Depending on your location, you may have additional rights. See Section 16 for jurisdiction-specific rights under PIPEDA (Canada), GDPR (EU), and CCPA (California). 10. AGE RESTRICTION & CHILDREN'S PRIVACY 10.1 Age Requirement MetaDock is intended for users 18 years of age or older. By using MetaDock, you represent that you are at least 18 years old. If you are under 18, you may not use MetaDock. 10.2 Children's Privacy We do not knowingly collect personal information from anyone under 18 years of age. Our services are designed for adults and business use. If you are under 18, please do not provide any personal information through our Website or Application. 10.3 Parental Rights If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at privacy@metadock.app. Parents and guardians have the right to: - Review any personal information we have collected from their child - Request deletion of their child's personal information - Refuse to permit further collection or use of their child's information To exercise these rights, contact privacy@metadock.app with: - Your relationship to the child - The child's name and email address (if known) - Your preferred method of contact for verification purposes We will verify your identity as the parent or legal guardian before processing any requests. We will respond within 30 days and delete the child's information promptly upon verification. 11. INTERNATIONAL DATA TRANSFERS 11.1 Data Storage Location Your personal information is primarily stored on servers located in Canada. However, our service providers may store or process data in other countries, including the United States. 11.2 Cross-Border Transfers When we transfer personal information outside of Canada, we ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws, including: - PIPEDA (Canada) - GDPR (European Union) - CCPA (California) 11.3 Service Provider Locations Our third-party service providers may process your information in the following locations: - Stripe: United States and globally - Mailchimp: United States - Vercel: Canada and United States - Microsoft (WebView2): Global infrastructure 11.4 Legal Protections Data transferred outside Canada is protected by: - Contractual agreements with service providers - Compliance with applicable data protection laws - Industry-standard security measures 12. THIRD-PARTY WEBSITES AND SERVICES 12.1 Third-Party Links Our Website may contain links to third-party websites, services, or resources. We are not responsible for the privacy practices or content of these third-party sites. 12.2 No Control We do not control third-party websites and are not responsible for their privacy policies, terms, or practices. We encourage you to review the privacy policies of any third-party websites you visit. 12.3 MetaDock Application The MetaDock Application allows you to browse the internet and access third-party websites. Your interactions with those websites are governed by their respective privacy policies, not this Privacy Policy. We do not collect, monitor, or have access to your browsing activity within the Application. 13. MICROSOFT WEBVIEW2 PRIVACY DISCLOSURE 13.1 What is WebView2? MetaDock uses Microsoft Edge WebView2 as its browser engine. WebView2 is a component provided by Microsoft that enables web browsing functionality within desktop applications. 13.2 Data Collected by Microsoft WebView2 may send diagnostic and performance data to Microsoft, including: - Crash reports and error diagnostics - Performance metrics - Feature usage statistics - Browser compatibility data This data collection is controlled by Microsoft, not Gammal Software, Inc. 13.3 Microsoft's Privacy Policy Microsoft's collection and use of data through WebView2 is governed by Microsoft's Privacy Policy, available at: https://privacy.microsoft.com We recommend reviewing Microsoft's Privacy Policy to understand what data Microsoft collects and how it is used. 13.4 Our Relationship with Microsoft Gammal Software, Inc. does NOT receive, access, or control the diagnostic data that WebView2 sends to Microsoft. This data is sent directly from your device to Microsoft's servers. 13.5 User Control You may have some control over Microsoft's data collection through: - Windows privacy settings - Microsoft account settings - WebView2 configuration options (if available) Please refer to Microsoft's documentation for information on managing privacy settings. 13.6 No Liability Gammal Software, Inc. is not responsible for Microsoft's data collection practices, privacy policies, or use of data collected through WebView2. 14. CHANGES TO THIS PRIVACY POLICY 14.1 Right to Modify We reserve the right to update, modify, or change this Privacy Policy at any time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. 14.2 Notice of Changes When we make material changes to this Privacy Policy, we will: - Update the "Last Updated" date at the top of this page - Provide notice through our Website (such as a banner notification) - Send an email notification to our mailing list subscribers (for significant changes) 14.3 Effective Date Changes become effective when posted on our Website, or on the date specified in the notice, whichever is later. 14.4 Acceptance of Changes For non-material changes (such as clarifications or minor updates), your continued use of our Website or Application after changes are posted constitutes your acceptance of the revised Privacy Policy. For material changes that affect how we collect, use, or share your personal information, or that affect your rights under GDPR: - We will request your explicit consent before the changes take effect for users in the European Economic Area, United Kingdom, or Switzerland - Other users may continue using our services, and continued use constitutes acceptance - If you do not agree to material changes, you must stop using our services and may request deletion of your personal information 14.5 Review Regularly We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. 15. CONTACT US If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us: Privacy Inquiries: Email: privacy@metadock.app Subject: Privacy Policy Inquiry General Support: Email: support@metadock.app Legal Matters: Email: legal@metadock.app Mailing Address: Gammal Software, Inc. 303D-2967 Dundas Street West Toronto, Ontario M6P 1Z2 Canada We will respond to privacy inquiries within 30 days or as required by applicable law. 16. PRIVACY RIGHTS FOR SPECIFIC JURISDICTIONS 16.1 CANADA (PIPEDA - Personal Information Protection and Electronic Documents Act) If you are a resident of Canada, you have specific rights under PIPEDA: a) Right to Access - You have the right to request access to your personal information in our possession b) Right to Correction - You have the right to request correction of inaccurate or incomplete personal information c) Right to Withdraw Consent - You may withdraw your consent to our use of your personal information at any time, subject to legal or contractual restrictions d) Right to File a Complaint - You have the right to file a complaint with the Office of the Privacy Commissioner of Canada if you believe we have violated PIPEDA - Website: https://www.priv.gc.ca - Phone: 1-800-282-1376 e) Accountability - We are accountable for personal information under our control, including information transferred to third-party service providers f) Limiting Collection - We only collect personal information that is necessary for the purposes identified in this Privacy Policy g) Consent - We obtain your express or implied consent before collecting, using, or disclosing your personal information - Express consent is obtained for sensitive matters (e.g., mailing list subscription, account creation) - Implied consent is relied upon for non-sensitive matters where the purpose is obvious (e.g., website analytics for improving user experience) - You may withdraw consent at any time, subject to legal or contractual restrictions To exercise your PIPEDA rights, contact privacy@metadock.app. 16.2 EUROPEAN UNION (GDPR - General Data Protection Regulation) If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under GDPR: a) Legal Basis for Processing We process your personal data based on the following legal grounds: - Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., mailing list subscription) - Contract: Processing is necessary to fulfill our contract with you (e.g., providing the Application, processing subscriptions) - Legal Obligation: Processing is necessary to comply with legal obligations - Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., improving our services, preventing fraud) b) Your GDPR Rights - Right of Access: Obtain confirmation of whether we process your data and request a copy - Right to Rectification: Request correction of inaccurate or incomplete data - Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal exceptions - Right to Restriction of Processing: Request that we limit how we use your data - Right to Data Portability: Receive your data in a structured, commonly used format and transmit it to another controller - Right to Object: Object to our processing of your data based on legitimate interests or for direct marketing - Right to Withdraw Consent: Withdraw your consent at any time (does not affect the lawfulness of processing before withdrawal) - Right Not to Be Subject to Automated Decision-Making: We do not use automated decision-making or profiling c) Data Protection Officer For GDPR-related inquiries, contact our privacy team at: Email: privacy@metadock.app Subject: GDPR Inquiry d) Supervisory Authority You have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe we have violated GDPR. e) International Transfers When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place: - We use service providers (Stripe, Mailchimp, Vercel, Microsoft) that comply with applicable data protection laws - Where required, we implement Standard Contractual Clauses (SCCs) approved by the European Commission with our service providers - We rely on adequacy decisions by the European Commission where applicable (e.g., Canada has received an adequacy decision for PIPEDA-compliant organizations) - Our service providers maintain their own GDPR compliance programs and safeguards f) Data Retention We retain your personal data only for as long as necessary for the purposes set out in this Privacy Policy or as required by law. To exercise your GDPR rights, contact privacy@metadock.app. We will respond within 30 days. 16.3 CALIFORNIA (CCPA - California Consumer Privacy Act) If you are a California resident, you have specific rights under the CCPA (as amended by the CPRA): a) Right to Know You have the right to request that we disclose: - Categories of personal information we collected about you - Categories of sources from which we collected personal information - Our business or commercial purpose for collecting or selling personal information - Categories of third parties with whom we share personal information - Specific pieces of personal information we collected about you b) Right to Delete You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal compliance, completing transactions, security purposes). c) Right to Correct You have the right to request correction of inaccurate personal information. d) Right to Opt-Out of Sale or Sharing We do NOT sell your personal information to third parties. We do NOT share your personal information for cross-context behavioral advertising. e) Right to Limit Use of Sensitive Personal Information We do not collect or use sensitive personal information in ways that would trigger this right. f) Right to Non-Discrimination We will not discriminate against you for exercising your CCPA rights, including by: - Denying goods or services - Charging different prices or rates - Providing a different level or quality of goods or services g) Authorized Agents You may designate an authorized agent to make a CCPA request on your behalf. We may require verification of the agent's authority. h) Categories of Personal Information We Collect In the past 12 months, we have collected the following categories of personal information: - Identifiers (email address, hashed hardware ID, license key) - Commercial information (subscription history, purchase records) - Internet or network activity (website analytics, pages viewed) - Geolocation data (general region from IP address) i) Categories of Personal Information We Disclose We disclose the following categories for business purposes: - Identifiers: to Stripe (payment processing), Mailchimp (email services) - Commercial information: to Stripe (payment processing) - Internet activity: to Vercel (analytics) j) How to Exercise Your CCPA Rights To exercise your rights under CCPA, contact us at: Email: privacy@metadock.app Subject: CCPA Privacy Rights Request Include your name, email address, and a description of your request. We will verify your identity before processing your request and respond within 45 days (extendable by an additional 45 days if necessary). k) Shine the Light Law California's "Shine the Light" law permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes. --- ACKNOWLEDGMENT BY USING OUR WEBSITE OR APPLICATION, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO OUR COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS DESCRIBED HEREIN. If you have any questions or concerns about this Privacy Policy, please contact us at privacy@metadock.app. --- END OF PRIVACY POLICY Copyright © 2026 Gammal Software, Inc. All rights reserved.