GDPR · RGPD

Privacy Policy

Last updated: 13 July 2026

Joan Lecha Guix, operating as a self-employed professional under Spanish law under the trade name "Tigermole" ("Tigermole", "we", "us") is committed to protecting your personal data and respecting your privacy in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Spanish data protection law (LOPDGDD). This Privacy Policy explains what data we collect, why, and your rights over that data.

1. Data Controller

Joan Lecha Guix (Tigermole) Calle Joaquim Vives Prat 18, B-2, 08392 Sant Andreu de Llavaneres, Barcelona, Spain DNI: 21784928H joan@tigermole.com

2. Data We Collect

We collect the following categories of personal data:

Account, purchase and support data: email address and information you provide when requesting a trial, purchasing, managing a subscription or contacting us. Stripe processes payment data directly; TigerMole does not store full card details.

Licence and device data: email, licence key and status, pseudonymous device identifier, platform, hostname where supplied and activation records needed to validate use and licensed seats.

Analytics data (prior consent required): pseudonymised or aggregated page, session and interaction metrics through PostHog and Google Analytics 4. If you join the macOS notification list, your email is included in a PostHog survey response only after accepting analytics cookies and selecting the form's specific consent checkbox.

Technical and diagnostic data: IP addresses and request metadata retained by infrastructure providers, plus errors, traces and limited technical context processed through Sentry. We do not send prompts, code, secrets or proxy-processed content to these services.

3. Legal Basis for Processing

We process personal data on the following legal bases under GDPR Article 6:

Contract or pre-contractual steps (Art. 6(1)(b)): trials, purchases, billing, requested support and licence management.

Consent (Art. 6(1)(a)): website analytics and the macOS availability notification. You may withdraw consent through cookie preferences and request deletion of your email.

Legitimate interests (Art. 6(1)(f)): security, technical diagnosis and fraud prevention, subject to data minimisation and balancing of rights.

Legal obligation (Art. 6(1)(c)): invoicing and tax records required by applicable law.

4. Data Retention

Account, subscription, billing and licence data is retained during the contractual relationship and afterwards for the periods needed to meet legal obligations and address potential claims.

Analytics data is retained for 12 months in PostHog and 14 months in Google Analytics 4. The macOS waitlist email is deleted after the notification is sent, when consent is withdrawn or after 24 months at the latest.

Contact and support data is retained for up to 2 years after the last interaction unless required for a contract or claim.

5. Providers and Recipients

We use providers for defined purposes and with different data categories:

Stripe — payments, subscriptions, billing, billing address and tax information.

Keygen — licence and device creation, validation and activation.

Resend — transactional email delivery and delivery metadata.

PostHog — consent-based web analytics and, only with specific consent, the email submitted for the macOS availability notice.

Google Analytics 4 — pseudonymous or aggregated web measurement after analytics is accepted.

Sentry — error diagnosis and limited API technical context; it is not used to send prompts, code or secrets.

Heroku — API hosting, including network metadata and the account, purchase and licence requests passing through the service.

Aiven — MySQL hosting for account, subscription and licence data.

GitHub Releases — direct distribution of installers and release files. TigerMole does not send GitHub account, payment or licence data; GitHub may receive IP address, user-agent and network metadata when serving a download under its own terms.

Listing a provider does not assume that every provider has the same legal role. Whether it acts as a processor, subprocessor or independent controller is assessed for the applicable service and contract.

6. Cookies

We use the following cookies:

Essential cookies:

• tm_consent — Stores your cookie consent preferences. Duration: 1 year. No personal data.

• i18nextLng — Stores your language preference. Duration: session/localStorage. No personal data.

Analytics cookies (consent required):

• ph_* (PostHog) — Pseudonymised session analytics. Duration: 1 year.

• _ga, _ga_* (Google Analytics 4) — Aggregated usage analytics. Duration: up to 2 years.

You can manage your cookie preferences at any time by clicking the "Cookie Preferences" link in the site footer.

7. Your GDPR Rights

Under GDPR Chapter III, you have the following rights:

Right of access (Art. 15): Request a copy of the personal data we hold about you.

Right to rectification (Art. 16): Request correction of inaccurate data.

Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten") where no legal basis for retention exists.

Right to restriction (Art. 18): Request that we restrict processing of your data.

Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.

Right to object (Art. 21): Object to processing based on legitimate interests.

Right to withdraw consent: Withdraw analytics consent at any time via the cookie preferences panel — this does not affect prior processing.

To exercise any right, contact joan@tigermole.com. We will respond within 30 days. You also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) at aepd.es.

8. International Data Transfers

The current configuration uses PostHog's European endpoint, an EU Heroku region for the API and an EU Aiven region for the database. Selecting a European region does not by itself mean that all support, security or ancillary processing remains in the EEA.

Where a provider processes data outside the EEA, the applicable mechanism will be used after reviewing its terms: an adequacy decision, Standard Contractual Clauses or another valid safeguard. Stripe, Google Analytics 4, Keygen, Resend, Sentry and GitHub may carry out international processing depending on the service and configuration.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, or unauthorised disclosure. These measures include TLS encryption for data in transit, access controls, and regular security reviews.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the AEPD within 72 hours and, where required, notify affected individuals without undue delay.

10. Changes to This Policy

We review this policy and the internal provider register whenever a service is added, replaced or removed. We will update the "Last updated" date and, where a change is material or legally required, provide notice through an appropriate channel before it applies.

11. Contact

For any privacy-related questions or to exercise your rights, email:

Joan Lecha Guix (Tigermole) joan@tigermole.com

Last updated: 13 July 2026
Consumer Termsjoan@tigermole.com

Your privacy, your choice

We use essential storage to keep the site working and, only with your consent, analytics through PostHog and Google Analytics 4. We do not load advertising providers. Read our Privacy Policy.