Privacy

The app runs locally. It contacts our servers for update checks and to fetch first-party packs from getinvoke.com. Beyond that, it talks directly to each storefront you've installed — at that publisher's own domain — to check for pack updates and new offerings. Packs you install from getinvoke.com come from getinvoke.com; packs from third-party storefronts come from those storefronts. Anything a shortcut or pack does on your device stays on your device unless the pack itself contacts an external service (see Packs below).

Update-check requests reach our servers with their request metadata — IP address, user agent, and the version you're on. We keep these logs for operational and abuse-prevention purposes and discard them when no longer needed (see Retention below).

The website uses a privacy-focused analytics and error-tracking provider (see Subprocessors). It doesn't set third-party cookies or track you across sites. Our current provider may use local browser storage for an anonymous session identifier and derives only approximate location from IP. If we ever add login, a session cookie strictly necessary for that login will be set; we'll update this policy before that happens.

If you email support@getinvoke.com, we receive whatever you send and use it to respond and keep a record.

We rely on a small set of service providers to run Invoke.

• Cloudflare — website and first-party pack hosting, CDN, DDoS protection. Processes visitor request metadata (including IP address).
• Databuddy — website analytics and error tracking.
• Email / communications provider — receives and stores support emails sent to support@getinvoke.com so we can respond.

When this list changes, we'll update it here. Future categories may include crash reporting and — if we ever monetize — a merchant-of-record payment processor.

Depending on which shortcuts and packs you run, the app may request system permissions — Accessibility, Input Monitoring, Automation (AppleEvents), Screen Recording, Notifications, Full Disk Access. macOS handles the consent dialog for each; you can review or revoke any of them in System Settings. These permissions operate locally — they aren't used to send accessibility data, input events, clipboard contents, screen contents, or file contents to our servers.

Packs are extensions that run inside Invoke. A pack can access whatever permissions the core app holds and may contact external services. Packs we publish ourselves under the "getinvoke.com" publisher are covered by this policy. Packs from third-party publishers are third-party software — their data practices are governed by the pack publisher's own policy, not this one. Storefronts you add are independent data controllers.

You can ask us to access, correct, delete, export, restrict, or object to the processing of your data, or withdraw any consent you've given. Email support@getinvoke.com. We'll respond within one month; for complex or numerous requests we may extend by up to two further months and will tell you within the first month.

You can lodge a complaint with a data protection supervisory authority in your country.

These rights apply to data we can tie back to you. We don't try to re-identify anonymous analytics data — so if the only record of you is an anonymous session identifier, we may not be able to act on a request about it.

Providing personal data is voluntary. If you decline a macOS permission, the feature requiring it won't work; the rest of the app keeps running.

Controller and contact details are on the Imprint. Reach us at support@getinvoke.com.

Legal bases: if you're in the EEA or UK, we process your personal data on these bases under the GDPR: to provide Invoke, respond to you, and perform what you've asked of us — Art. 6(1)(b) (contract or pre-contract steps); to keep the service secure, prevent abuse, fix bugs, and improve Invoke — Art. 6(1)(f) (our legitimate interests in running a safe, reliable product); to comply with legal obligations — Art. 6(1)(c); and where we ask for it — Art. 6(1)(a) (consent), which you can withdraw at any time.

International transfers: some of our subprocessors operate outside the EEA/UK. For transfers that would otherwise lack adequate protection, we rely on safeguards recognized under GDPR Chapter V — most commonly the European Commission's Standard Contractual Clauses or an adequacy decision such as the EU–US Data Privacy Framework. Email support@getinvoke.com for a copy of the safeguards that apply to a specific transfer.

Retention: we keep data only as long as needed for the purpose it was collected, then delete it. We may retain longer where required by law or to defend legal claims.

Children: Invoke isn't directed at children. If you think a child has submitted data to us, email support@getinvoke.com and we'll delete it.

Changes: if we make material changes we'll post them here at least 30 days before they take effect, where feasible, and update the date at the top.