Trust Policy

We earn trust with boring, dependable tech: small footprints, explicit network calls, and features that do exactly what they say - nothing more.

Bask in our Trust Policy.

Trust Center

Last Updated:

We earn trust with boring, dependable engineering: small footprints, explicit network behavior, self-hosted options, and clear docs. No dark patterns, no surprise data collection-just software that does what it says.

Our Principles

  • Transparency First - clear docs, explicit network behavior, signed releases.
  • Least Privilege - minimal permissions, compartmentalized access, audit trails.
  • Fail-Safe Defaults - privacy-preserving defaults; features are opt-in, not opt-out.
  • Minimal Data - collect the least we need, keep it the shortest time, and never sell it.
  • Self-Hosted Options - run keys and data on your servers when you need full control.
  • No Dark Patterns - plain language, reversible choices, and honest interfaces.

Security Overview

  • Encryption In Transit - TLS 1.2+ for all HTTPS endpoints we operate.
  • Encryption At Rest - where we store data, disks/DB backups are encrypted.
  • Access Control - role-based access for internal systems; least-privilege keys.
  • Environment Isolation - separate build, staging, and production contexts.
  • Secrets Management - secrets kept out of source; rotated and scoped.
  • Backups - encrypted, monitored, and tested restorations.
  • Dependency Hygiene - regular updates, vulnerability scans, and pinned versions.
  • Change Control - peer review, CI checks, and human-readable changelogs.

Data Protection & Privacy

We favor local-by-default behavior and minimal data collection. Details live in our Privacy Policy and Cookie Policy. Highlights:

  • Minimal Collection - name/email only when you give it (e.g., contact, checkout).
  • Retention - keep data only as long as needed or required by law.
  • Your Rights - access, update, delete, or object where applicable.
  • No Sale Of Personal Data - full stop.

Software Integrity & Supply Chain

We publish checksums and sign releases so you can verify what you install.

  • Signed Releases - installers/zips are signed; verify before deploy.
  • Checksums - SHA-256 sums published alongside downloads (e.g., /checksums/).
  • PGP Key - release signing key fingerprint: PGP-FPR-TO-BE-PUBLISHED.
  • SBOM - software bill of materials available for major releases (on request or /legal/sbom.pdf if posted).

Licensing, Telemetry & Network Calls

  • No Telemetry By Default - our desktop tools/plugins do not phone home unless you enable an online feature.
  • Offline Activation - where supported, license keys can be activated without internet access.
  • Documented Endpoints - if online activation is used, endpoints and payloads are documented in Support & Docs.
  • Self-Hosted License Server - keep keys/activations on infrastructure you control.

Vulnerability Disclosure

We welcome responsible disclosure. Email security@mmediausa.com with steps to reproduce, product/version, and impact. We aim to acknowledge within 2 business days.

  • Safe Harbor - good-faith research that respects privacy and avoids service disruption is welcomed.
  • Coordination - we’ll work with you on timelines and public communication.
  • Credit - researchers can be credited in release notes if they wish.

Incident Response & Status

  • Detection - alerts on availability, error rates, and unusual activity.
  • Containment - revoke keys, rotate secrets, and isolate services as needed.
  • Notification - affected customers are notified promptly with clear next steps.
  • Status - service health and maintenance windows are posted at /status (if applicable).
  • Post-Mortems - material incidents get a plain-language write-up with remediation items.

Compliance & Documentation

  • Frameworks - we align practices with GDPR/CCPA/HIPAA principles.
  • DPA - a Data Processing Addendum is available on request.
  • Policy Suite - see Privacy, Cookies, and Terms.

Service Providers & Subprocessors

Some features rely on specialized providers. Many are optional and load only if you use that feature. We review contracts and limit scope to the minimum needed.

Provider Purpose Data Categories Region Enabled
Cloudflare Security, DDoS & Performance IP, HTTP headers, request metadata Global Yes
Google Analytics 4 Anonymous Usage Metrics Page views, events (pseudonymous) US/EU Optional (By Consent)
Crisp (Chat) Support Messaging Name, email (if provided), chat content EU Optional (When Chat Opened)
Payment Processor (e.g., Stripe/Gumroad) Checkout & Billing Billing data (handled by processor) US/EU At Purchase
Hosting Provider Web & License Server Hosting Server logs, operational metadata US Yes

Note: Providers and regions may change as we evolve services. We’ll update this page for material changes.

Data Residency & Self-Hosting

  • Self-Hosted License Server - store keys and activations on infrastructure you control.
  • Residency - our core marketing site is US-hosted; contact us to discuss options.
  • Backups - you control backup location and retention when self-hosting.

Support & SLAs

  • Response Time - we aim to reply within one business day.
  • Critical Issues - acknowledgement within 4 business hours (Mon–Fri).
  • Channels - email support@mmediausa.com or the contact form.

Contact

Security: security@mmediausa.com
Privacy: privacy@mmediausa.com
Support: support@mmediausa.com

Trusted by many companies

Fast, Reliable, And Private. Our licensing, WordPress plugins, and desktop tools help teams move faster without bloat, keep data local, and stay in control under real deadlines.