Privacy Policy

Last updated: 8 May 2026

Overview

Enamio is designed as a local encrypted Mac app. Your accounting records, attachments and backups are stored locally on your Mac and encrypted with a key derived from your PIN. They are not uploaded to a cloud accounting database operated by Enamio. The information described below is what we receive on our servers in order to run trials, licensing, payments, downloads and support.

Information stored on your Mac (never sent to us)

The desktop app stores the financial records you enter — practices, income, expenses, BAS information, tax planning settings, receipts, attachments and backups — together with optional details such as your name and ABN. App data and attachments are encrypted locally with AES-256-GCM using a key derived from your PIN (PBKDF2, 100,000 iterations). Backup files use the same scheme and can only be restored with the backup PIN you set when creating the backup. None of this content is transmitted to Enamio.

Information we receive for trials and licensing

To run trials and licensing we receive and store the following on Cloudflare infrastructure:

• Email address. Provided when you start a trial, activate a paid license, sign in to the License Portal, or complete checkout. Stored in plain text against the trial record and the license record so we can prevent repeat trials on the same email, send your license key, and let you manage your license. Verification codes for trial email confirmation are stored for 15 minutes and deleted after use.
• Machine identifier. A hardware-derived identifier read from your Mac (the system hardware UUID exposed by macOS). It is sent with trial start, license activation and license checks so a license can be bound to specific devices and so trials are not unfairly reset by reinstalling the app. It is stored in plain text in our license and trial records.
• Coarse device fingerprint. When you start a trial, the app sends your Mac's hardware model, CPU model, total RAM, system locale, timezone and platform. We combine this with a hash of your IP /24 subnet and store it only as a SHA-256 hash. The raw values are not retained on our servers. This is used to detect repeat trials when the machine identifier or email has changed.
• IP address and User-Agent. Every request to our licensing Worker exposes your IP address and browser/app User-Agent string. We do not store the raw IP. We store a SHA-256 hash of the IP and a SHA-256 hash of the first 300 characters of the User-Agent against the trial record, and we use a /24 subnet of the IP for rate-limiting and the fingerprint above.
• App version. The app's build version string is sent with licensing checks and stored on the license record so we can keep activations compatible.
• License and subscription metadata. Your license key, plan, status, expiry, activated device list, and (for subscriptions) your Stripe customer and subscription identifiers are stored against your license.

Payments

Payments are processed by Stripe. Enamio does not see or store your full card details. We receive your email address and the Stripe customer and subscription identifiers from Stripe's checkout webhook in order to issue and renew your license. Stripe processes payment information according to its own privacy and security practices.

Downloads

The download page requests release information from GitHub so the latest installer links can be shown. GitHub will see the request as a normal web request from your browser.

Support

If you email support, we use the information you provide to respond and resolve the issue. We cannot access your local Enamio records, attachments or backup contents unless you choose to send them to us. Please avoid sending sensitive financial documents unless they are necessary for support.

Analytics, telemetry and tracking

Enamio does not run analytics, behavioural tracking, crash reporting or remote logging in the desktop app or on our website. We do not use tracking cookies. The only network calls the desktop app makes to us are for trial verification, license activation, license checks and (optionally) update checks.

Sharing

We do not sell your personal information. We share information only with the service providers required to operate Enamio: Stripe for payments, Cloudflare for hosting and licensing infrastructure, GitHub for release downloads, and Resend for transactional email (trial codes, license keys, portal magic links, support replies).

Retention

Local app data and attachments remain on your Mac until you delete them. On our servers:

• Trial records, including the hashed fingerprint and email-hash indexes used to detect repeat trials, are retained for approximately 13 months from creation and then automatically expire.
• Trial email verification codes expire after 15 minutes and are deleted after a single successful use.
• License Portal magic-link tokens expire after 15 minutes.
• License records (key, email, plan, activated devices, Stripe identifiers) are retained for as long as the license is active and afterwards as needed to meet legal, accounting or dispute-resolution obligations.
• Support email is retained for as long as needed to provide ongoing support and meet record-keeping obligations.

Your choices

You can request access, correction or deletion of personal information associated with your license by emailing support@enamio.au. You can deactivate individual devices from the License Portal. Some records may need to be retained where required for legal, accounting or security reasons.

Contact

Questions about privacy can be sent to support@enamio.au.