Privacy Policy

Last updated: 10 June 2026

This Privacy Policy explains how IB Enterprises Oy ("we", "us") handles personal data in connection with the Pelaa website (pelaa.tv) and the Pelaa macOS application.

1. Data controller

IB Enterprises Oy
Y-tunnus (business ID): 3365722-8
Likolammintie 15, 49860 Klamila, Finland
Email: support@pelaa.tv

2. Data we collect

• Waitlist email. If you submit your email through the waitlist form, we store the address and the timestamp so we can notify you when Pelaa launches and reach you about updates relevant to that signup.
• Customer information. When you purchase Pelaa, Lemon Squeezy (lemonsqueezy.com) collects the data needed to complete the transaction (name, email, billing details, country, tax info). We receive a record of your purchase, license key, and email. Lemon Squeezy acts as Merchant of Record for the sale.
• Support correspondence. If you email us, we keep the messages so we can help you and improve the product.
• Free-trial registration. When you start the 14-day free trial, the app sends the email address you enter, a device identifier, and your macOS version to our trial service so we can track active trials, offer one trial per person and per device, and contact you about your trial (for example, before it ends). The device identifier is derived from your Mac's hardware and one-way hashed on your device before it is sent — the hardware serial itself never leaves your Mac — and, unlike data the app stores, it persists across reinstalls of the app and macOS. No payment information is collected. The trial record is kept in the macOS Keychain on your device and on our server; you can ask us to delete the server-side record at any time via support@pelaa.tv.
• License activation and validation. When you activate Pelaa with a license key, the app sends the key, your Mac's hostname (e.g. "Ivan's MacBook Pro"), and a randomly generated device identifier to Lemon Squeezy so the license can be tied to your device and per-device activation limits can be enforced. The device identifier is stored in the macOS Keychain and persists across reinstalls of the app. The same key and device identifier are sent on every launch to confirm the license is still valid; if the request fails (for example, no internet), Pelaa continues to work offline for up to seven days using the most recent validation result. You can release the device at any time from Pelaa → License → Deactivate This Mac.
• Crash and hang diagnostics. So bugs can be found and fixed quickly, Pelaa sends anonymous diagnostic reports through Sentry when the app crashes or freezes. These reports include device model, macOS version, app version, the type of exception, the stack trace where the crash occurred, and recent application events ("breadcrumbs"). They do not include your project files, video content, account name, or email. File-path strings from your computer may appear inside a stack frame if a crash happens while Pelaa is reading a file. Diagnostics are on by default; you can disable them at any time in Pelaa → Settings → Privacy → Crash diagnostics.
• Update checks. Pelaa periodically requests pelaa.tv/appcast.xml to see whether a new version is available. The request is a standard HTTP fetch and does not include any account information, license key, or device identifier.

We do not use tracking cookies or advertising trackers on this website. We do use cookieless, privacy-preserving analytics — see section 10.

3. Why we use your data

• To deliver the Pelaa software and license to you.
• To respond to support requests.
• To notify you about Pelaa availability if you join the waitlist.
• To activate, validate, and enforce the license you purchased.
• To improve product reliability through anonymous crash and hang diagnostics.
• To comply with our legal obligations (accounting, tax, consumer protection).

4. Legal bases (GDPR Article 6)

• Consent — for the waitlist signup.
• Contract — to provide Pelaa to customers who have purchased it, including license activation and validation.
• Legal obligation — to keep records required by Finnish and EU law.
• Legitimate interest — to operate and secure the website and the app, to enforce the license you accepted at purchase, and to maintain product quality through anonymous crash and hang diagnostics. You can object to the diagnostics processing at any time by turning it off in the app's Privacy settings.

5. Processors and recipients

• Lemon Squeezy (lemonsqueezy.com) — Merchant of Record. Payment processing, billing, tax invoicing, license activation and validation, refund processing.
• Cloudflare — website hosting, the waitlist and free-trial endpoints, DNS, and cookieless web analytics (see section 10).
• Sentry — anonymous crash and hang diagnostics. On by default; can be disabled in the app's Privacy settings.
• Resend (resend.com) — sends the trial verification-code and trial-related emails on our behalf; receives your email address for that purpose.
• Email forwarding via the domain registrar — to receive mail sent to support@pelaa.tv.

We do not sell or rent personal data to anyone.

6. Retention

• Waitlist emails are kept until you ask us to delete them, or until 24 months after launch if we have not contacted you successfully.
• Trial registrations (email, device identifier, trial dates) are kept for up to 24 months after the trial ends, or until you ask us to delete them.
• Customer records (invoicing data) are kept for as long as Finnish accounting law requires (currently 6 years from the end of the financial year).
• Support emails are kept for up to 24 months unless ongoing support requires longer retention.
• Crash and hang diagnostics are retained by Sentry in line with their published retention policy and then automatically deleted.
• Cloudflare Web Analytics aggregates are retained in line with Cloudflare's published retention policy. No data on this service identifies you personally.

7. International transfers

Some of our processors operate outside the EEA:

• Lemon Squeezy — operated by a US-based company; payment infrastructure routes through US payment networks.
• Cloudflare — US-based, with global edge infrastructure.
• Sentry — US-based.
• Resend — US-based.

Where personal data is transferred outside the EEA, the transfer is covered by Standard Contractual Clauses or an equivalent safeguard recognised under GDPR Article 44–46.

8. Your rights

Under GDPR you have the right to:

• Access the personal data we hold about you.
• Request correction or deletion.
• Restrict or object to certain processing.
• Receive your data in a portable format.
• Withdraw consent at any time (for example, to leave the waitlist).
• Lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutettu, tietosuoja.fi).

To exercise any of these rights, contact us by email or post:

IB Enterprises Oy
Likolammintie 15, 49860 Klamila, Finland
support@pelaa.tv

Please include the email address associated with your purchase or your order number so we can locate the relevant records.

9. Security

We use HTTPS for the website, restrict access to systems containing personal data, and rely on reputable processors with their own security programs. No system is perfectly secure; in the event of a personal data breach we will notify the supervisory authority and affected users in line with GDPR Article 33–34.

10. Cookies, storage, and analytics

The Pelaa website does not set cookies, does not use advertising trackers, and does not write to your browser's local storage or session storage.

We use Cloudflare Web Analytics to understand how the site is used (anonymised page views, country, browser family, device type, page load time). This service is cookieless and stores no data on your device. It does not collect personal information, does not fingerprint visitors, and does not enable cross-site tracking. The beacon sends only anonymised, aggregated metrics to Cloudflare. These analytics serve our legitimate interest in operating and improving the website; no consent banner is shown because no consent is required under GDPR or the EU ePrivacy Directive for cookieless, non-identifying analytics. Details of what Cloudflare Web Analytics collects (and what it does not) are available in Cloudflare's documentation.

The waitlist form transmits your email address only at the moment you submit it.

11. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top of this page reflects the most recent revision. Material changes will be communicated by email to active customers.

This document is provided for transparency. It is not legal advice. If you operate a business and are reading this for compliance reasons, consult your own lawyer.