Legal

Privacy Policy

Last updated: 2026-05-24

HotkeyX is a macOS menu-bar app that rewrites selected text into better AI prompts. This page explains what data we collect, why we collect it, and the controls you have over it. We aim for plain English over legalese.

Information we collect

We collect the minimum information needed to run the service. That falls into three buckets:

  • Account data. Your email address (used for sign-in and billing receipts) and your sign-in tokens. Tokens are stored locally on your Mac in the system Keychain — never on our servers in cleartext.
  • Per-call telemetry. For every improvement request, we log: a one-way peppered hash of your user ID (we cannot reverse it back to your email), the latency of the call, the model used, the high-level intent classification, and whether the call succeeded or failed. We do not log the text you selected or the rewritten output unless you have history enabled (see below).
  • Optional rewrite history. If you turn on the History toggle in the HotkeyX Settings, we store your captured selection and the resulting rewrite so you can review them later. History is off by default, encrypted at rest with per-user AES-256-GCM keys, and visible only to you. You can turn it off any time and existing entries can be deleted from the History tab.

How we use it

We use the data above to:

  • Authenticate you and deliver improvements to your Mac.
  • Bill you (Pro subscribers only) and send transactional emails like receipts, magic-link sign-in codes, and account notifications.
  • Monitor performance and error rates so we can keep the service fast and reliable. Aggregate telemetry — never raw prompts — drives this.
  • Enforce usage limits and prevent abuse.

We do not sell your data, we do not share it with advertisers, and we do not use it to train AI models.

What we don't collect

  • The text you select, unless you opt in. When you trigger HotkeyX, the selected text is sent to our server so an AI model can rewrite it. We don't persist the raw text on disk unless you have History enabled. The text necessarily passes through memory during the improve call.
  • Keystrokes outside the hotkey. HotkeyX uses macOS Accessibility APIs to read the text you have selected when you press the hotkey. It does not log keystrokes, monitor input, or run in the background watching what you type.
  • Payment card numbers. Billing is handled by Stripe. We never see, store, or process your card information — Stripe gives us a tokenized customer reference.
  • Third-party tracking. No advertising cookies, no cross-site tracking pixels, no third-party analytics that build a profile of you.

Third parties we use

HotkeyX is built on a small set of trusted infrastructure providers:

  • Anthropic— runs the Claude models (Sonnet 4.6 and Haiku 4.5) that produce the actual rewrites. Your selection is sent to Anthropic over TLS during an improvement call. Anthropic's data policy governs the inference call itself. We do not opt your prompts into model training.
  • Supabase — hosts our Postgres database and authentication. Your account record, encrypted history (if enabled), and telemetry rows live here. Access is gated by row-level security so you can only read your own rows.
  • Stripe — processes Pro subscription payments. We send Stripe your email so it can identify your customer record; Stripe handles everything card-related.
  • Resend — sends transactional email (magic-link sign-in, receipts).
  • Vercel — hosts the website and API. Standard request logs (IP, timestamps, status codes) are retained briefly for security and debugging.
  • Apple — if you choose Sign in with Apple, Apple proxies your email and we receive only an opaque identifier and (optionally) a relay address.

Encryption

All traffic between the macOS app, your browser, and our servers is encrypted in transit with TLS 1.2 or higher. Rewrite history, when enabled, is encrypted at rest using AES-256-GCM with a per-user data encryption key derived via HMAC from a master key held only on the server. Even our database administrators cannot read your history content without that key.

Cookies

The website sets one category of cookie: an authentication session cookie that keeps you signed in across page loads. There are no third-party tracking cookies, no advertising cookies, and no analytics cookies that follow you off-site.

Data retention

Telemetry rows are retained for up to 12 months for service-health analysis, then aggregated and the per-call rows deleted. Rewrite history (if enabled) is kept indefinitely until you delete individual entries, turn off history, or delete your account. Account records and authentication data persist for the lifetime of your account.

Your rights

You can, at any time:

  • Disable rewrite history from the HotkeyX Settings (History tab).
  • Delete individual history entries from the History tab.
  • Export a copy of your account data, including history. Email support@hotkeyx.app with the subject line “Data export”.
  • Delete your account and all associated data. Email support@hotkeyx.app with the subject line “Account deletion”. We complete deletions within 30 days.

If you are in the EU, UK, or California, you have additional rights under GDPR, UK GDPR, and the CCPA respectively — including the right to access, correct, and request portability of your personal data. All of those requests go to the same support address.

Children

HotkeyX is not directed at children under 13. If you believe a child has created an account, contact us and we will delete it.

Changes to this policy

If we change how we handle your data, we will update this page and update the “Last updated” date at the top. Material changes will also be announced by email to active users.

Contact

Questions about privacy or this policy? Email support@hotkeyx.app. For our registered business address, ask in the same message and we will reply with it.