GDPR Privacy Policy · Desktop Application · Last updated: June 2026
The controller responsible for data processing described in this policy (Art. 4(7) GDPR) is:
SmallSoftLoaf Software - Kevin Jung
Walkmühlenstraße 28
71397 Leutenbach, Germany
USt.ID: DE462096083
Email: [email protected]
Diffract is a desktop application that runs entirely on your local device. It does not transmit your files, diff results, or usage data to any server controlled by the developer. On startup, Diffract makes one outbound HTTPS request to check whether a newer version is available (see _05). This check can be disabled in Settings. Additionally, the optional Remote File Comparison feature connects to a remote host that you specify in order to fetch a file for comparison (see _12).
| Category | Where stored | Transmitted? |
|---|---|---|
| App settings | Windows Registry / macOS plist | No |
| License key | Windows Registry / macOS plist | No |
| Window geometry | Windows Registry / macOS plist | No |
| Trial start timestamp | Windows Registry / macOS plist + app config directory | No |
| Files you compare | Your local filesystem only | No |
| Version check request | Not stored — one GET on startup | IP address only (see _05) |
| Remote files you fetch (optional feature) | Held in memory only | Only the host you specify (see _12) |
| Remote credentials (optional feature) | In memory for the session, or — only if you choose “This device” — in the OS keychain; never in plain text (see _12) | Only the host you specify (see _12) |
When you use Diffract, the following data is stored locally on your device using the operating system's standard preference storage (Windows Registry under HKCU\Software\diffract / macOS NSUserDefaults):
HKCU\Software\diffract (run reg delete HKCU\Software\diffract /f in a command prompt) and delete the Diffract folder inside %APPDATA%.defaults delete com.diffract.app in Terminal, and delete the diffract folder inside ~/Library/Application Support/ if present.~/.config/diffract/ and ~/.local/share/diffract/ (or the equivalent XDG directories).Diffract uses an offline license validation system. Your license key encodes a cryptographic signature (Ed25519) that is verified locally against a public key embedded in the application. No network request is made during activation or validation. The developer never receives information about when or how often you activate the software.
On startup, Diffract sends a single HTTPS GET request to https://releases.getdiffract.com/latest.json to check whether a newer version is available. If a newer version is found, the app also fetches the associated changelog from the same domain.
Purchases are made through the Diffract website, not within the desktop application. Payment processing is handled by Paddle.com Market Limited("Paddle"), acting as Merchant of Record. Please refer to the website privacy policy and Paddle's Privacy Policy for details on how your purchase data is processed.
Apart from Paddle (see _06), the developer does not share your personal data with third parties. No advertising networks, telemetry services, or analytics SDKs are integrated into the Diffract desktop application.
As a data subject under the GDPR, you have the following rights:
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority for the operator (resident in Baden-Württemberg) is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW)
Lautenschlagerstraße 20
70173 Stuttgart, Germany
Web: www.baden-wuerttemberg.datenschutz.de
All data stored locally uses the security mechanisms provided by the operating system (Windows DPAPI / macOS Keychain at the OS level for Registry/plist data). The network activity initiated by the application is limited to the optional version-check request described in _05 and the optional Remote File Comparison feature described in _12; neither transmits personal data to the developer. License keys are validated using Ed25519 public-key cryptography entirely offline.
Diffract includes an optional Remote File Comparison feature (a Pro feature) that fetches a file (or lists a directory) from a location you specify — an http:// / https:// URL, an ssh:// / scp:// path (SSH/SFTP), a cloud object-storage path (s3:// Amazon S3 and S3-compatible services, az:// Azure Blob Storage, gs:// Google Cloud Storage), or an ftp:// / ftps:// path — so it can be compared like a local file.
https://, ssh:///SFTP, the cloud providers' HTTPS APIs, and ftps://) protect your credentials and data in transit; plain ftp:// is unencrypted, so the username, password, and file contents travel in clear text — use it only on trusted networks. For https:// you may optionally set a per-host trust rule (pin a certificate, trust a custom CA file, or — at your own risk — allow a self-signed certificate), managed under Settings → Remote Sources. SSH host keys are verified on first use and checked against your ~/.ssh/known_hosts; a changed host key aborts the connection.Diffract is a professional software development tool not directed at children. The developer does not knowingly collect personal data from persons under the age of 16.
Material changes to this privacy policy will be announced via the Diffract website or release notes. The “Last updated” date at the top of this document reflects the most recent revision. Continued use of Diffract after a change is published constitutes acceptance of the updated policy.