Legal
Privacy Policy
Last updated: June 29, 2026
Overview
fossil is a local-first desktop application for inspecting product interfaces. This Privacy Policy explains what personal data we collect through the fossil website and desktop app, why we collect it, and the choices you have.
We design fossil so that your target projects stay on your machine. We do not use analytics to collect source code, project files, local filesystem paths, command output, server logs, screenshots, secrets, license keys, or target-project content.
Who is responsible for your data
The controller for the data described in this policy is fossil. You can contact us at hello@fossil.design. Publisher details will also be available in the Legal Notice.
Data we collect
- Website hosting data. The fossil website is hosted on Render. When you visit the website, Render may process technical request data such as your IP address, browser and device information, requested URLs, timestamps, and server logs to deliver and secure the website.
- Website analytics. We collect privacy-limited analytics such as page views, CTA clicks, page path, referrer host, campaign parameters, scroll-depth milestones, walkthrough engagement signals, browser-derived device information, approximate location inferred by our analytics provider, and anonymous analytics identifiers.
- Desktop app analytics. If analytics are enabled, we collect explicit product events such as onboarding progress, license workflow status, scan workflow milestones, feature usage, error categories, counts, durations, coarse framework/package-manager categories, and UI settings. Licensed users may be represented by a hashed license activation identifier, not by the raw license key or activation id.
- Purchase and license data. Checkout is handled by Polar. We do not receive your full payment card number. Polar may process your email address, billing details, tax information, payment status, and order records. fossil has access to the order and license information needed to deliver the product and support your license, including your email address, the product purchased, payment status, license status, license identifiers, activation limits, and customer portal status.
- Support communications. If you contact us, we process the information you choose to send, such as your email address, message content, and any files or diagnostic details you attach.
Why we use this data
- To provide the website, checkout flow, downloads, license activation, and customer support.
- To understand whether the product works, where users get blocked, and which workflows need improvement.
- To prevent fraud, abuse, license sharing beyond configured limits, and security issues.
- To comply with tax, accounting, consumer protection, and legal obligations.
Legal bases
When GDPR or similar laws apply, we rely on the following legal bases:
- Contract. To process purchases, activate and validate licenses, provide downloads, and respond to product support requests.
- Legitimate interests. To run privacy-limited analytics, improve fossil, secure the service, and understand aggregate product usage, provided those interests are not overridden by your rights.
- Legal obligation. To keep records required for tax, accounting, and legal compliance.
- Consent. Where consent is required for analytics cookies or similar technologies.
Analytics and cookies
We use PostHog for website and product analytics. On the website, PostHog records page views, explicit CTA clicks, coarse scroll events, and privacy-masked session replays. Landing page replays may show public page text, but mask form inputs, element attributes, console logs, and captured URL query strings. In the desktop app, PostHog records explicit workflow events. We disable broad text capture, surveys, and unrestricted desktop autocapture.
Analytics may use cookies or local storage to remember an analytics identifier and understand repeat usage. You can block or clear these technologies in your browser settings. Where required, we will ask for consent before using non-essential analytics cookies or similar technologies.
Processors and third parties
- PostHog. Provides analytics infrastructure for website and product improvement.
- Polar. Provides checkout, payment, tax, customer portal, and license-key infrastructure.
- Render. Hosts the fossil website and processes technical request data needed to deliver and secure the website.
These providers process data under their own terms and privacy commitments. Polar is responsible for the payment information it collects during checkout. We do not receive your full payment card number. You can also review the privacy policies of PostHog, Polar, and Render.
International transfers
Some providers may process data outside your country, including in the United States. When required, we rely on appropriate safeguards such as data processing agreements, standard contractual clauses, or equivalent transfer mechanisms.
Retention
- Analytics data is kept only as long as needed to understand product usage and improve fossil.
- License and purchase records are kept for as long as needed to provide the product, support your license, and meet legal, tax, and accounting requirements.
- Support messages are kept for as long as needed to resolve the request and maintain business records.
Your rights
If GDPR applies to you, you have the right to access, correct, delete, restrict, or object to the processing of your personal data, and to receive a portable copy of your data. You can also withdraw consent where processing is based on consent.
To exercise these rights, contact hello@fossil.design. If you are in the European Economic Area, you may also lodge a complaint with your local data protection authority.
Changes
We may update this Privacy Policy as fossil changes. When we make material changes, we will update the date above and, where appropriate, provide additional notice.