The short version
Sweep Collector is local-first. The website needs the bare minimum to run accounts and bill you; the desktop app does the automation on your machine. We don't run third-party analytics, we don't sell anything, and the only third parties involved are the ones the product can't exist without (Stripe for payments, Cloudflare for hosting, Sentry for crash reports and broken-site diagnostics).
What we collect on the server
Account
- Email address.
- Password, stored as a salted hash, not as plaintext.
- Email verification status and timestamps for sign-up and last login.
- A reset token (short-lived, hashed) if you request a password reset.
Billing
- Stripe customer ID and subscription ID, the current subscription status and quantity (number of players), and the renewal date.
- We do not store card numbers, CVCs, or full billing addresses. Stripe handles payment data directly.
Licenses and device activation
- One row per active player, plus a device fingerprint that ties the desktop app to the license that activated it. The fingerprint is a salted hash so it can't be reversed back to anything identifying.
Operational logs
- Worker request logs (path, status, duration) for a short window so we can debug outages. IP addresses appear in these logs and are not retained beyond Cloudflare's default retention window.
- Crash reports from the desktop app via Sentry. Structured events can include stack traces, basic environment details, and aliased collection-health evidence; text fields have passwords, tokens, usernames, emails, and known run credential values scrubbed client-side. A native fatal crash may also include a binary minidump produced by Electron/Sentry; because it is process-memory evidence, it cannot be text-scrubbed and may contain data that was in memory at the time.
- Broken-site diagnostic reports: when a site repeatedly fails to collect, the app can send us exact-player run events plus scrubbed text page evidence (such as HTML, visible-state, console, and failed-network details) so we can fix it. Automatic reports do not include screenshots or the process-wide app log. Passwords, tokens, usernames, emails, and the run's known credential values are scrubbed before send. This is enabled by default and can be turned off under Settings → Support.
- For a site we can't reproduce, we may temporarily turn on a richer capture of your signed-in session on your machine, capturing screenshots, page structure (HTML), a step-by-step interaction trace, network activity (including small samples of failed server responses), and in-app values such as your balance, to diagnose it. Text artifacts have passwords, tokens and other known-sensitive fields scrubbed before upload; screenshots and the interaction trace are inherently visual and are not text-scrubbed. These captures are stored encrypted at rest and automatically deleted after 30 days.
What stays on your machine
- Site credentials. Encrypted with your OS keychain via Electron's safeStorage and stored as opaque blobs in the local SQLite database. They cannot be decrypted off your machine.
- Cookies and browser storage for each site you log into, kept in a per-site Chrome profile directory under your user data folder.
- Balance history, run logs, schedules. Local SQLite only. The complete database is never uploaded. When broken-site diagnostics are enabled, a bounded exact-player subset of run events and balance evidence may be sent as described above; an operator-armed rich capture may include additional in-session evidence for that player.
- Activity logs. The desktop app writes a rolling main-process log to your user data folder so you can read it if something misbehaves. Automatic reports do not attach this process-wide log.
Third-party services we rely on
We don't run Google Analytics, Mixpanel, Segment, or any other tracker on the marketing site or in the desktop app.
Email
We send transactional email only: verification links, password resets, billing receipts (those come from Stripe), and the occasional service notice (e.g. "we're deprecating support for X site"). No marketing newsletters.
Cookies on this website
Only what's needed to keep you signed in: a session cookie issued by our auth layer. No advertising, analytics, or cross-site tracking cookies.
How long we keep things
- Active account data is retained for as long as your account exists.
- When you delete your account from /account, we cancel your Stripe subscription, delete your auth and license rows, and the desktop app loses activation on its next check. Stripe retains its own records for the period required by US tax and payment regulations; that's outside our control.
- Worker request logs roll off automatically. Sentry events are retained for the default Sentry retention window and then dropped.
- Richer diagnostic captures (see above) are auto-deleted 30 days after they're uploaded.
Your rights
You can: view and edit your account data from /account, cancel billing at any time through the Stripe Customer Portal, and delete your account in full from the Danger Zone of your account page. If you'd like a copy of what we have on you, or a deletion confirmation in writing, email support@sweepcollector.com.
Children
Sweep Collector is not intended for anyone under 18. We don't knowingly collect data from minors. If you believe a child has signed up, let us know and we'll delete the account.
Changes to this policy
If we change anything material we'll bump the effective date at the top and, for significant changes, send an email to active accounts ahead of the change.
Contact
Kyter LLC · support@sweepcollector.com