Privacy Policy

Last updated: March 28, 2026

1. Who we are

VMAC is operated by Solved Sorce LLC ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the VMAC application, website, and related services (collectively, the "Service").

For privacy-related inquiries, contact us at [[email protected]].

2. Information we collect

Account information

When you create an account we collect your first name, last name, and email address. If you sign in with Google, we receive your name, email, and profile image from Google.

Phone number

You may sign in using your phone number via SMS one-time password (OTP). Alternatively, if you sign in with a third-party provider, you may add and verify a phone number from your account page. In both cases, your phone number is sent to our SMS delivery provider to deliver the verification message. We store your phone number and verification status in our database for authentication, account linking, and account recovery purposes. A temporary OTP session record (phone number, verification ID, and expiration) is created when a code is sent and automatically deleted once the code is verified or expires.

Device information

When you activate VMAC on a Mac, we collect a device identifier, platform, application version, and a user-assigned device label. We also record whether a device is online and its last-seen timestamp.

Usage analytics

We use third-party analytics services to collect usage data including page views, feature usage events, session information, IP addresses, approximate geolocation, browser/OS type, and referral sources. These services may set cookies or use similar technologies to collect this data.

Crash reports

We use a third-party error monitoring service to collect crash reports and performance data from the VMAC application. These reports may include device model, OS version, stack traces, and application state at the time of the error.

Diagnostics log stream

The Service includes a real-time diagnostics log stream that transmits log entries from your Mac to the web dashboard via our WebSocket relay. This feature is active by default and can be disabled in device settings. Log entries may contain device names, video source labels, error messages, and file paths. Logs are streamed in real time and are not stored on our servers after the session ends.

Control signals and metadata

When you use the remote control features, JSON command and response messages pass through our relay infrastructure. We also relay audio level values (dB readings, not audio samples) and tally/preview state. No video frames, audio samples, or stream content ever passes through our servers — all video and audio output (SRT, RTMP, NDI) is sent directly from your Mac.

Payment information

Payments are processed by a third-party payment provider. We do not directly collect or store credit card numbers. We receive subscription status, product identifiers, license keys, and related billing metadata from our payment provider.

Organization information

You may optionally provide an organization or company name associated with your account.

3. How we use your information

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your account
  • Process subscriptions and manage device activations
  • Enable real-time remote control and diagnostics features
  • Analyze usage to improve the Service
  • Diagnose bugs and crashes
  • Communicate with you about your account or the Service
  • Comply with legal obligations

4. Legal bases for processing (EEA/UK)

If you are in the European Economic Area or the United Kingdom, we process your personal data on the following bases:

  • Contract: Processing necessary to provide the Service you signed up for (account data, device management, remote control).
  • Legitimate interests: Analytics, crash reporting, and security monitoring, where our interests do not override your rights.
  • Consent: Where required by law, such as certain cookie-based tracking. You may withdraw consent at any time.
  • Legal obligation: Where we must comply with applicable law.

5. Third-party services

We use third-party service providers to operate the Service. These providers fall into the following categories:

  • Cloud infrastructure and database hosting — stores account data, device data, and license information
  • Real-time relay infrastructure — transmits control signals, diagnostics logs, and presence data between your devices and the web dashboard
  • Payment processing — handles subscriptions and license key management
  • SMS delivery — sends verification codes for phone-based sign-in and phone number verification
  • Product analytics — collects usage data to help us improve the Service
  • Error monitoring — collects crash reports and performance data
  • Authentication providers — facilitate third-party sign-in (e.g., social login)

These providers are contractually obligated to protect your data and process it only as instructed by us. We do not sell your personal information to third parties. A current list of our subprocessors is available upon request.

6. International data transfers

Your data may be transferred to and processed in the United States or other countries where our service providers operate. Where required by law, we rely on Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection of your data.

7. Data retention

We retain your account data for as long as your account is active. Analytics and crash report data are retained according to the retention policies of our respective service providers. Diagnostics log streams are ephemeral and are not persisted after the real-time session ends. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

8. Your rights

All users

You may request access to, correction of, or deletion of your personal data by contacting us at [[email protected]]. Account deletion is not yet available as a self-serve feature; we will process requests manually within 30 days.

EEA/UK residents (GDPR)

You additionally have the right to:

  • Restrict or object to certain processing
  • Request data portability
  • Withdraw consent at any time (without affecting prior processing)
  • Lodge a complaint with your local data protection authority

California residents (CCPA/CPRA)

You have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the "sale" or "sharing" of personal information — we do not sell or share your data as defined by the CCPA
  • Non-discrimination for exercising your rights

9. Cookies and tracking

We use essential cookies for authentication and session management. Our analytics providers may set additional cookies to track usage patterns. You can manage cookie preferences through your browser settings. Disabling analytics cookies will not affect core Service functionality.

10. Children's privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly.

11. Security

We use industry-standard measures to protect your data, including encrypted connections (TLS), HMAC-signed authentication tokens, and access controls. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance.

13. Contact us

Solved Sorce LLC
Email: [[email protected]]