Butak Butak
Early Access — €9.99

Privacy Policy — Butak

How Butak collects, uses, and protects your data.

Last updated: 2026-04-26

Privacy Policy

Butak (“we”, “us”) is a paid macOS Git client. This policy explains, in plain language, what data the desktop app and the website collect, who processes it, and what your rights are. We aim to be honest rather than maximally protective: where a claim has a caveat, we surface it.

What We Collect

The Butak desktop app sends pseudonymous product analytics through TelemetryDeck, an EU-based analytics service. Your repositories, working trees, commits, branches, diffs, file paths, and remote URLs never leave your machine through Butak. The analytics signals describe what kind of action you took, not what you took the action on.

Categories of events emitted by the desktop app (roughly 157 distinct keys, full catalog tracked in our internal analytics spec):

  • App and window lifecycle — app launched, About window opened, Welcome window shown, check-for-updates clicked.
  • Repository lifecycle — open, init, clone (started, completed, canceled), tab open/close, repo switch.
  • Branches and tags — created, renamed, deleted, checked out, fast-forwarded, pushed, pulled.
  • Commits — create, push, select, cherry-pick, revert, reset.
  • Stage / unstage / discard / ignore — file-level and bulk actions, plus per-hunk stage/unstage/discard from the diff pane.
  • Stash, merge, rebase, conflict resolution — operation invoked, aborted, continued, or completed; merge editor open/save/cancel.
  • Fetch and pull — manual, automatic, auto-fetch enabled/disabled.
  • Search, tabs, recents, snapshots, themes, font, locale.
  • Settings changes — appearance, auto-fetch interval, auto-prune toggle, branch-space replacement, git binary path, git config (user name, email, default branch, global excludes, ssh command), keybinding rebinds, signing toggles.
  • Licensing, purchase, paywall, and upgrade-nag events — emitted once the in-app license manager ships.

What the desktop app does not send, by contract:

  • File paths, repository paths, or working-tree contents
  • Branch names, tag names, commit hashes, or commit messages
  • Remote URLs (git@, https://, SSH hosts)
  • Email addresses or license keys
  • Your IP address (TelemetryDeck does not store it)

This boundary is enforced as an internal contract: parameter values are restricted to short enums (success, failure, canceled), bucketed counts and durations, and tier names. No free-form user content is permitted in any signal.

Auto-collected device metadata

On every signal, the TelemetryDeck SDK automatically attaches: app version and build, macOS major version and full version, device architecture and model, locale, language, region, timezone, accessibility settings (bold text, reduce motion, color scheme), a pseudonymous installation ID, a session ID, and a server-side timestamp rounded to the nearest hour.

Pseudonymous, not anonymous

TelemetryDeck derives the installation ID from a two-stage SHA-256 hash of identifierForVendor — Apple’s per-vendor device identifier. The hashing is one-way and the original value is not stored, but under Art. 4(5) GDPR this is pseudonymous data, not fully anonymous. We disclose this honestly rather than overclaim.

How It’s Stored

Our analytics processor is TelemetryDeck GmbH, Von-der-Tann-Str. 54, 86159 Augsburg, Germany. Their privacy policy is at telemetrydeck.com/privacy and the Data Processing Agreement is at telemetrydeck.com/dpa.

Data is hosted in the EU on Microsoft Azure (Amsterdam), AWS (Frankfurt), and Hetzner (Germany). We have requested clarification on which AWS region handles ingest and will update this section once confirmed.

No cookies are set. IP addresses are not stored. Crash reports are not collected.

Kill switch (for self-builders)

The flag that enables telemetry — AnalyticsService.isTelemetryEnabled — is a hardcoded compile-time constant in the Butak source tree. If you build Butak from source and flip it to false, no telemetry is emitted at all (the SDK is never even initialized). It is not a runtime preference and we do not control it remotely. Likewise, LicenseManager.isLicenseEnforcementEnabled is a separate compile-time constant — Butak has no remote-control mechanism for features.

Payment Processing

Butak does not collect, store, or process payment card information. All purchases are handled by LemonSqueezy, our Merchant of Record (MoR). LemonSqueezy is PCI DSS compliant, handles EU VAT and US sales tax for all transactions, and issues invoices and receipts directly. Card data is transmitted directly to LemonSqueezy’s servers and is never accessible to Butak.

Refunds are available for 14 days from purchase, processed by LemonSqueezy on request through their customer portal. For transactional questions (charges, invoices, refunds, tax), contact LemonSqueezy customer support; for product or license questions, email support@butak.dev.

Website Analytics

Our website (butak.dev) uses Cloudflare Web Analytics, which is cookieless and does not collect personal data. No consent banner is required for this site or app because we do not set cookies and TelemetryDeck does not process personal data under their own legal interpretation.

Data Retention

TelemetryDeck does not publish a specific numerical retention period in their public documentation. We have emailed datenschutz@telemetrydeck.com to request clarification and will update this policy with a concrete number when received. In the meantime, see telemetrydeck.com/privacy for their current statement.

LemonSqueezy retains transaction records as required by EU VAT law and applicable tax authorities. Their retention is governed by their own privacy policy.

Your Rights

Under GDPR (and equivalent regimes such as the UK GDPR and CCPA), you have the right to:

  • Access the personal data we hold about you
  • Request correction or deletion
  • Object to processing or request restriction
  • Lodge a complaint with your local supervisory authority

For payment-related data (name, billing address, email, transaction history), exercise these rights through LemonSqueezy’s customer portal — they hold the records.

For desktop-app analytics, see the next section.

Subject Access Requests

We cannot retrieve user-specific analytics data from TelemetryDeck on request, because no name, email, or directly identifying field is stored against your signals — the only identifier is a doubly-hashed pseudonymous installation ID, and we do not retain the original value used to derive it. If you wish to stop further analytics emission from your installation, your options are: (a) build Butak from source with the kill switch flipped, or (b) contact us and we will discuss what is operationally possible.

If you believe TelemetryDeck holds data about you that you wish to exercise rights over directly with the processor, contact datenschutz@telemetrydeck.com.

We process desktop-app analytics under Art. 6(1)(f) GDPR — legitimate interest in measuring product usage to improve Butak. This is our chosen basis as the data controller. (TelemetryDeck’s own snippet uses Art. 6(1)(b) — necessary for service delivery — for their own role as processor; we are reviewing whether 6(1)(b) or 6(1)(f) is the correct basis for our role and will update this section once confirmed with counsel.) Payment processing is performed under Art. 6(1)(b) — performance of a contract.

Contact

  • General and product support: support@butak.dev
  • Security disclosures: security@butak.dev
  • Payment, refund, and tax questions: through LemonSqueezy’s customer portal
  • TelemetryDeck data protection: datenschutz@telemetrydeck.com

Last Updated

2026-04-26.