Privacy Policy

Last updated: 3 July 2026

The short version: your video, audio, and snapshots live on your hardware and never touch our servers — Calyston is built so that we couldn't watch your cameras even if we wanted to. What little we do process is listed on this page, completely.

1. What the software sends us

A licensed installation periodically checks in with our license server. Each check-in contains, in full:

FieldWhy
Your license keyTo confirm the license is valid
A hardware fingerprint (one-way hash)To enforce one-machine-per-license. It's a hash — it can't be reversed into details about your machine
Software version & uptimeTo know which versions are in use and stable
Camera countTo size our performance work (the number only — never names, models, addresses, or footage)
A crash flag & error classTo spot widespread problems (e.g. "DatabaseError" — no messages, no file paths)

That's the entire list. No footage, no snapshots, no camera details, no user accounts, no IP addresses of anything on your network. There is no analytics or telemetry beyond it, and the license-check code ships readable in every install so you can verify this yourself.

One optional extra: if — and only if — you tick "Share device-type metrics" (off by default), the same check-in also carries three booleans: opened from a phone, opened from a desktop, installed as an app. They tell us whether to build a native mobile app, and nothing else. Untick it and the field disappears from the very next check-in, along with what was collected.

2. When you buy a license

Checkout is handled by Paddle, our merchant of record — your payment details go to Paddle, not to us, under Paddle's privacy policy. We receive and keep exactly two things: your email address and your license record. We use the email to deliver your key, send receipts, and — for subscriptions — remind you before expiry. No marketing lists, no sharing, no selling, ever.

3. Crash reports

If the software crashes, it can send us an anonymous crash report — scrubbed on your machine before sending, containing no identifiers of any kind, and stored on a server we run ourselves (no third-party error service). There is nothing in a crash report that could be traced back to you.

4. This website

5. How long we keep things

License records (email + license) are kept for as long as your license exists, then as long as tax law requires for purchase records. Contact-form emails are kept only as long as the conversation needs. Anonymous data (crash reports, surveys) has nothing in it to delete on request — but we prune it routinely anyway.

6. Your rights (GDPR)

You can ask us at any time what we hold about you, ask us to correct it, or ask us to delete it (deleting your license record means the license can no longer be reactivated — we'll confirm before doing it). You also have the right to complain to your data-protection authority. For any of these, contact us or email [email protected] the developer answers personally.