Privacy Policy
Last updated: March 10, 2026
Table of Contents
1. Scope and Key Principles
2. Information We Collect
3. What We Do Not Collect (and What We Don’t Do)
4. How We Use Information
5. How We Share Information
6. Local Storage
7. Cookies and Similar Technologies
8. Retention
9. Security
10. Your Rights and Choices
11. Region-Specific Disclosures (EEA/UK/Switzerland and Other Regions)
12. Children
13. Changes to This Privacy Policy
14. Contact Us
This Privacy Policy explains how Terrahaven, LLC (“Terrahaven,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use SaneMode and related software and services, including our macOS applications, Audio Unit plug-ins, background helper components, installers, documentation, and the website sanemode.com (collectively, the “Service”). This Privacy Policy applies when Terrahaven processes information as a controller for the Service. If we later offer organizational deployments governed by a separate agreement, that agreement may control for those deployments. SaneMode is part of our creator-first, human-protective approach: local-first, privacy-minimized, and honest about what it can and cannot observe. Your creative files are not uploaded by default. You decide if and when to export or share Receipts or Proof Bundles. Specific data handling may vary by feature and settings, as described below. By using the Service, you acknowledge that you have read and understood this Privacy Policy.
1. Scope and Key Principles
1.1. Local-First. Core proof workflows are designed to run on your device. The Service generally relies on local components (e.g., the plug-in, optional background helper, and local storage such as a Vault/Ledger).
1.2. Privacy-Minimized Observation. SaneMode uses scope-limited workflow indicators and local observations. It is designed not to capture the substantive contents of your creative work as part of core proof workflows.
1.3. Exports and Sharing. Receipts and Proof Bundles stay under your control. Terrahaven does not publish or share them by default.
1.4. Privacy Policy vs. Terms of Service. This Privacy Policy explains privacy and data processing. Your use of the Service is also governed by our Terms of Service. If there is a conflict between this Privacy Policy and the Terms of Service regarding privacy or data processing, this Privacy Policy controls.
2. Information We Collect
We collect information in three broad categories: (1) information you provide, (2) limited website information, and (3) information that is processed locally on your device and generally not collected by Terrahaven unless you choose to send it to us or you use a network feature that requires transmitting limited non-content metadata.
2.1. Information You Provide. If you contact us, we may collect contact information such as your name, email address, and the contents of your message. If you purchase paid access, we may collect billing and purchase information such as order confirmations, invoices/receipts, license term length, Seats, and related purchase identifiers. Payment card data is handled by our payment processor and is not stored by us (see Section 5.2). Support submissions are opt-in: if you voluntarily send Receipts, Proof Bundles, diagnostic logs, or screenshots to support@sanemode.com, we receive only what you choose to provide. We may also collect feedback you provide, such as bug reports, feature requests, product feedback, or responses to surveys. If we offer accounts in the future, we may collect basic account details such as name, email address, and account settings. The Service may also generate or use installation/Seat identifiers (for example, a one-way hashed identifier used to enforce Seats) for licensing and receipt/entitlement issuance purposes to enforce Seats and validate entitlements; when a network feature is used (for example, licensing or issuance), limited non-content metadata may be transmitted for that purpose. These identifiers are used solely for license/Seat enforcement and integrity controls, not for cross-site tracking, advertising, or selling profiles.
2.2. Website Information We Collect. When you visit sanemode.com, we may collect device and log data such as IP address, browser type, pages viewed, timestamps, referral URLs, and basic website diagnostics. We may also collect cookie-related data as described in Section 7. We may infer coarse location from IP address for security and fraud prevention, but we do not use precise GPS location. We do not collect app usage analytics or in-app behavioral tracking in the Pilot unless we clearly disclose it in-product and update this Privacy Policy.
2.3. Website Logs (Minimized). Website server logs are used primarily for security, abuse prevention, and basic operational troubleshooting. We do not use website logs to build profiles about you or to link website browsing to in-app activity for advertising.
2.4. Information We Process Locally. When you use the local software, the Service may create or process local artifacts such as Receipts and Proof Bundles (stored locally by default), creator-provided inputs such as Disclosure Intent, Coverage Strength indicators, Gaps/Unknown statuses, limited workflow indicators, integrity metadata, and environment-derived technical identifiers such as OS version, DAW or Host Application identifiers, timing information, and integrity digests. The Service also processes local operational data needed to function, such as local state, configuration, and integrity checks. If you choose to send diagnostic logs to support, those logs may include technical information about the Service’s operation, such as error messages, crash details, configuration state, file names, or file paths. We recommend reviewing and redacting materials before sending them.
2.5. When Data Leaves Your Device (Limited Cases). The Service is designed so that most information remains on-device. Information may leave your device only when: (a) you choose to export or share a Receipt or Proof Bundle; (b) you choose to send materials to support; or (c) you use a network feature such as license/Seat validation or remote issuance of shareable receipts, where offered. In those cases, we aim to transmit only the minimum non-content information necessary for the requested function, as described in this Privacy Policy and any applicable in-product disclosures.
3. What We Do Not Collect (and What We Don’t Do)
SaneMode is designed to avoid collecting or transmitting the substantive content of your work.
3.1. We Do Not Upload Your Creative Content by Default. By default, the Service does not upload DAW session or project contents, audio file contents, stems, tracks, clip contents, arrangement details, plug-in parameter values, lyrics, or private notes to Terrahaven-controlled servers.
3.2. We Do Not Use Accessibility/Automation Permissions to Read Content. If you grant Accessibility and/or Automation permissions, the Service is designed not to record the contents of your screen, the text of your messages, or the content of your keystrokes. Instead, it uses those permission surfaces only to observe limited, scope-bound operational indicators as reflected in a Receipt/Proof Bundle.
3.3. We Do Not Sell Personal Information. We do not sell personal information, and we do not “share” personal information for cross-context behavioral advertising.
3.4. No “Silent Publishing”. We do not publish, post, or share your Receipts or Proof Bundles by default, and we do not upload your DAW session contents, audio contents, or locally stored Receipts/Proof Bundles to Terrahaven-controlled servers by default. Terrahaven does not receive your local Receipts/Proof Bundles unless you choose to export/share them, submit them to support, or you use a feature that requires transmitting limited non-content metadata (for example, licensing, issuance, or verification services, where offered).
4. How We Use Information
We use information for the purposes described below.
4.1. Provide and Operate the Service. We use information to provide the website and local software, authenticate licensing and Seat entitlements where applicable, enable issuance/export features where available and permitted, and provide customer support.
4.2. Security, Integrity, and Abuse Prevention. We use information to detect and prevent fraud, piracy, circumvention, and misuse; protect the integrity of entitlement, issuance, and verification systems; investigate security incidents; and enforce policies and our Terms of Service.
4.3. Improve Reliability and User Experience. We use information to troubleshoot and debug issues, improve the performance and reliability of the Service, and support product development without collecting creative content.
4.4. Communications. We use information to respond to support requests and legal notices, send service-related messages such as critical updates and security notices, and send marketing communications only where permitted and with appropriate opt-out. Support is provided asynchronously, and we do not guarantee response times.
4.5. Legal Compliance. We use information to comply with lawful requests, subpoenas, court orders, and applicable laws, and to maintain required accounting and tax records.
4.6. Network Services (When Used). Some features may rely on network services, such as license validation or remote issuance of shareable artifacts, where offered. When those services are used, we aim to transmit only the minimum information necessary for the function being performed and as described in-product. This may include entitlement or Seat validation data, device or installation identifiers, and non-content technical metadata or integrity digests needed to issue, deliver, or verify shareable artifacts. Integrity digests are one-way fingerprints derived from data, including the rendered audio stream during bounce. They cannot be used to reconstruct or listen to your audio and are used to support verification of artifacts, not advertising, profiling, or cross-service tracking.
4.7. Legal Bases (Where Applicable). Where required by law, we process personal information only when we have a valid legal basis, such as providing the Service under a contract with you, complying with legal obligations, protecting security and preventing abuse, or with your consent where we request it.
5. How We Share Information
We disclose information only as described below.
5.1. Service Providers. We may share information with vendors who perform services on our behalf, such as website hosting and infrastructure, payment processing, email delivery and customer support tools, website-only analytics, and security, fraud prevention, and compliance services. These providers may process information only to provide services to us, may access it only as needed, are expected to keep it confidential, and are contractually prohibited from using it for advertising, profiling, or building their own datasets (or any other independent commercial purpose). For the Pilot, our primary third-party processor for payments is Stripe; other providers (if any) will be used only as described in an updated version of this policy. If we add or change service providers that process personal information in a material way, we will update this policy.
5.2. Payment Processing. Payments are processed by Stripe (or another third-party payment processor we may use from time to time). The processor receives your payment card and transaction details directly. We may receive limited billing metadata (for example, payment status, invoice ID, and last four digits) to administer your purchase. We do not receive or store full payment card numbers. Stripe processes payment information under its own policies and security standards.
5.3. Legal and Safety Disclosures. We may disclose information if we believe it is reasonably necessary to comply with law, regulation, legal process, or lawful government request; protect the rights, safety, and security of Terrahaven, users, or others; investigate fraud, abuse, piracy, or security incidents; or enforce our Terms of Service and policies. We disclose information only as described in this policy and in response to valid legal process or other lawful requests we are required to comply with. Where legally permitted, we may attempt to notify you before disclosing information in response to legal process. We evaluate legal requests for validity and scope, and we disclose only what we reasonably believe is required.
5.4. Business Transfers. If Terrahaven is involved in a merger, acquisition, financing, bankruptcy, reorganization, or sale of assets, information may be disclosed as part of due diligence and transferred as part of the transaction, subject to applicable law.
5.5. With Your Direction. If you choose to export, share, or transmit Receipts and/or Proof Bundles (or other data) to third parties, you are directing that sharing. Those third parties’ privacy practices apply. If you share a Receipt/Proof Bundle, it may include environment-derived metadata. Once shared, it is governed by the recipient’s practices and any platform you use to transmit it. Links or integrations we provide may take you to third-party services governed by their own terms and privacy policies. We are not responsible for the privacy or security practices of third parties, and you should review their policies before providing them information.
6. Local Storage
6.1. Local by Default. Receipts, Proof Bundles, and related artifacts are stored locally on your device (for example, in a Vault). You control whether to keep, export, share, or delete them. Terrahaven does not have access to your local Vault or locally stored artifacts unless you choose to export/share them, submit them to support, or a specific network feature requires transmitting limited non-content metadata.
6.2. Environment-Derived Identifiers. Receipts and Proof Bundles may include environment-derived technical identifiers (for example, OS version, DAW or Host Application identifiers, timing information, and integrity digests) that help make the artifact verifiable and honest about what was observed.
6.3. Support is Opt-In. If you contact support, you may choose to provide Receipts, Proof Bundles, or diagnostic logs. We do not require your creative files to provide support. We also do not require sensitive information, such as payment card numbers, government IDs, or health information, to provide support. Please avoid sending anything you do not want us to handle.
7. Cookies and Similar Technologies
7.1. Website Cookies. Our website may use cookies or similar technologies to support essential site functionality (such as security, load balancing, and session state) and basic analytics to understand website performance and usage. We may use website-only first-party or privacy-focused analytics for performance measurement. We do not use cookies for cross-site behavioral advertising, and we do not knowingly sell or “share” personal information for targeted advertising. If we use third-party analytics providers, they act as service providers and are covered by Section 5.1. We do not run targeted advertising, and we do not use third-party ad pixels for cross-site tracking.
7.2. Your Choices. You can control cookies via browser settings. Disabling cookies may affect site functionality.
7.3. Do Not Track / Global Privacy Control. Some browsers offer “Do Not Track” signals or privacy preference signals (such as Global Privacy Control). We do not treat these signals as consent withdrawal mechanisms because we do not engage in cross-context behavioral advertising.
7.4. Third-Party Links. Our website may include links to third-party sites or services (for example, YouTube). If you follow those links, the third party’s privacy policy applies. We do not control and are not responsible for third-party privacy practices.
8. Retention
We retain information only as long as necessary for the purposes described in this Privacy Policy, including as required to comply with law, resolve disputes, enforce our agreements, and protect the security and integrity of the Service.
8.1. Website Logs and Analytics. Website logs and basic analytics are retained for a limited period appropriate for security, troubleshooting, and performance monitoring, and then deleted, de-identified, or aggregated where feasible. Retention may be longer where necessary for security investigations, abuse prevention, legal compliance, or to enforce our agreements.
8.2. Support Communications. Support emails and attachments (including any logs you provide) may be retained as long as reasonably necessary to provide support, investigate reliability or security issues, prevent abuse, comply with law, or enforce our Terms of Service. Please do not send payment card numbers, government IDs, health data, or other sensitive regulated data to support. We aim to review support messages in good faith, but we do not guarantee response times.
8.3. Billing Records. We retain invoices, payment confirmations, and related records as required for accounting, audits, tax compliance, and fraud prevention.
8.4. Local Artifacts. Local Receipts/Proof Bundles stored on your device remain on your device unless you delete them. Terrahaven generally does not have access to your local Vault unless you export/share materials or submit them to support. If you send us materials (for example, via support), we retain them only as described in Section 8.2.
8.5. Retention Approach. We follow a minimization-first approach: we retain information only for as long as we have a legitimate operational, security, support, or legal need, and then delete, de-identify, or aggregate it where feasible. Where we cannot provide a fixed retention period (for example, for fraud investigations or legal compliance), we limit access and retain only what is reasonably necessary.
9. Security. We use commercially reasonable administrative, technical, and organizational measures designed to protect information we process. However, no security measures are perfect. Because the Service is local-first, the security of your Receipts, Proof Bundles, Vault/Ledger, and exported artifacts depends significantly on your device security and configuration. We limit internal access to user information to personnel who need it to operate or support the Service, and we use access controls and, where appropriate, audit logging for our systems to help prevent unauthorized access. We do not claim perfect security, but we design the Service to minimize the amount of information we receive in the first place. You are responsible for securing your device(s) and accounts, using strong authentication, keeping software up to date, and avoiding malware or unsafe third-party tools.
10. Your Rights and Choices
Depending on where you live, you may have rights regarding your personal information. These rights may include access to information we hold about you, correction of inaccurate information, deletion (subject to legal and operational exceptions), objection to or restriction of certain processing, portability where applicable, and withdrawal of consent where processing is consent-based.
10.1. How to Exercise Rights. Email legal@sanemode.com with your request. We may need to verify your identity (and, where permitted, the authority of an authorized agent) to protect you and prevent fraud. We will respond within a reasonable time and as required by applicable law. We may deny or limit requests where permitted by law (for example, where honoring the request would undermine security, fraud prevention, legal compliance, or the rights of others).
10.2. Marketing Communications. You can opt out of promotional emails using the unsubscribe link or by contacting us. Even if you opt out, we may still send non-promotional communications related to the Service, billing, security, or legal notices.
11. Region-Specific Disclosures (EEA/UK/Switzerland and Other Regions)
11.1. EEA/UK/Switzerland (GDPR/UK GDPR). If you are located in the European Economic Area, the United Kingdom, or Switzerland, you may have the rights described in Section 10, and also the right to lodge a complaint with your local data protection authority. We process personal information under the legal bases described in Section 4.7 (for example, to perform our contract with you, to comply with legal obligations, or for legitimate interests such as security and abuse prevention).
11.2. International Transfers. If you access the Service from outside the United States, your information may be transferred to and processed in the United States and other jurisdictions. Where required by applicable law (including GDPR/UK GDPR), we rely on legally valid transfer mechanisms such as Standard Contractual Clauses and/or other approved safeguards.
11.3. Australia and New Zealand. If you are located in Australia or New Zealand, you may have rights to access and request correction of personal information we hold about you, subject to applicable law. You can request access or correction by contacting us as described in Section 10.1.
12. Children. The Service is not directed to children and is intended only for users who are at least 18 years old (or the age of majority where they live). If we learn we have collected personal information from someone who is not eligible to use the Service, we may delete the information and restrict access.
13. Changes to This Privacy Policy. We may update this Privacy Policy from time to time. If changes are material, we will provide reasonable notice (for example, by updating the date at the top of this policy and, where appropriate, providing additional notice). Your continued use of the Service after the effective date means you accept the updated policy.
14. Contact Us
Terrahaven, LLC
1209 Mountain Road Pl NE Ste R
Albuquerque, New Mexico 87110
United States
Legal: legal@sanemode.com
Support: support@sanemode.com
Billing: billing@sanemode.com