Effective date: April 15, 2026 · Last updated: April 15, 2026
shooff ("we", "us", "our") is a privacy-first media management application for macOS. This Privacy Policy describes what information we collect, how we use it, and the rights you have regarding your data. By installing or using shooff or visiting shooff.my, you agree to the practices described below.
| Data | Purpose | Retention |
|---|---|---|
| SHA-256 hash of IP address + day | Counting unique visitors (deduplication) | 24 months |
| User-Agent header | Identifying browser/OS for support | 24 months |
| Referer header | Understanding traffic sources | 24 months |
| Country (from Cloudflare) | Aggregate regional analytics | 24 months |
| Accept-Language header | Locale statistics | 24 months |
We do not store raw IP addresses. IP addresses are hashed with a secret salt before being written to our database, so visitor identity cannot be recovered from our records.
We do not use cookies for tracking on the landing page. The administrator dashboard uses one HttpOnly session cookie restricted to staff access.
| Data | Purpose | Retention |
|---|---|---|
| PayPal order ID & capture ID | Payment reconciliation, refunds | 7 years (tax compliance) |
| License key (generated by us) | Entitlement tracking, transferability | Until key is revoked or refunded |
| Amount & currency | Accounting | 7 years (tax compliance) |
| Device identifier (hashed hardware UUID) | Enforcing one-device-per-key policy | Until key is transferred or revoked |
We do not receive or store your credit card number, CVV, billing address, or other payment instrument details. All payment processing occurs through PayPal, subject to PayPal's Privacy Statement.
The app stores your media library, preferences, and license key only on your Mac at ~/Library/Application Support/shooff/. Media files are AES-256 encrypted with a password-derived key. The password never leaves your device.
The app periodically contacts our API (api.shooff.my) only for:
We use the following infrastructure providers. Each has its own privacy practices.
These providers process data only under our instructions and strictly to operate the service.
shooff is operated from the Republic of Korea. Our API runs in asia-northeast3 (Seoul). Cloudflare and PayPal may process data globally. Where data flows outside your country, we rely on standard contractual clauses or equivalent legal safeguards offered by the processor.
Depending on your jurisdiction, you may have the following rights regarding your personal data:
To exercise any of these rights, email [email protected]. We respond within 30 days.
Our lawful bases for processing are performance of a contract (processing payments, delivering the service you purchased) and legitimate interests (preventing abuse, improving the product). You have the right to lodge a complaint with your local supervisory authority.
We do not sell or share personal information for cross-context behavioral advertising. You may request access to, deletion of, or correction of your data by contacting us.
Under the Personal Information Protection Act, you may request access, correction, deletion, or suspension of processing of your personal information. The data protection officer is reachable at [email protected].
HttpOnly, Secure, and SameSite=Strict attributesshooff is not directed to children under 13 (or 14 in Korea). We do not knowingly collect personal information from minors. If you believe we have collected information from a child, contact us and we will delete it promptly.
Retention periods for each data category are listed in Section 2. Payment records are retained for 7 years to comply with Korean tax law. All other records are deleted or anonymized after 24 months.
We may update this policy to reflect changes in the service or the law. Material changes will be announced on shooff.my with at least 14 days' notice. Continuing to use the service after a change constitutes acceptance of the updated policy.
Questions or requests about this policy: [email protected]