Legal

Privacy Policy

Effective date: April 22, 2026

Short version: The DoppelScanner app never sends your files, file paths, or scan results anywhere. The only network calls the App makes are to Lemon Squeezy to activate and periodically validate your license. This website collects only what is necessary to process your purchase and respond to support requests.

1. About this policy

This Privacy Policy describes how DoppelScanner ("we," "us," or "our") collects, uses, and protects information when you visit doppelscanner.com (the "Site") or use the DoppelScanner Windows desktop application (the "App").

Please read this policy carefully. Continued use of the Site or the App indicates your acknowledgment of these practices. If you do not accept them, do not use the Site or the App.

2. Data we collect on this website

Server logs and IP addresses

Our web hosting provider automatically records standard server log data when you visit the Site. This includes your IP address, browser type, operating system, referring URL, pages visited, and the date and time of your request. We use this data only to maintain the security and performance of the Site and to diagnose technical problems. We do not use it to build profiles or track individuals across sessions.

Purchase information

DoppelScanner is sold as a one-time purchase. When you buy a license, payment is processed by our third-party payment processor. We receive a transaction confirmation, your email address, and the license key issued to you. We do not receive or store your full credit card number, card verification code, or bank account details. Those stay with the payment processor under their own privacy policy.

Support and contact requests

When you email us at support@doppelscanner.com, we collect the name and email address you provide, plus the content of your message. We use this only to respond to your request and to fix bugs you report.

What we do not collect on the Site

We do not use advertising trackers or third-party analytics scripts.
We do not use session replay, heatmap, or behavioral tracking tools.
We do not sell or share your data with data brokers.
We do not require account registration to download or use the App.

3. Cookies and local storage

We do not intentionally set cookies on this Site. Our hosting infrastructure may set strictly technical cookies (such as load balancing or security tokens) as part of serving web traffic. These are not used to track you across websites or for marketing purposes.

We do not use:

Third-party advertising cookies
Analytics cookies (e.g., Google Analytics)
Social media tracking pixels
Persistent fingerprinting or session replay tools

You can block or delete cookies through your browser settings. Doing so will not affect your ability to download or use the App.

4. The DoppelScanner application

License activation and validation

The App makes network calls exclusively to Lemon Squeezy's license API (api.lemonsqueezy.com) for three purposes:

Activation (one time): when you enter your license key on first launch, the App sends your license key and a device label to Lemon Squeezy to register this installation. The device label is your Windows machine name and Windows username (for example, DESKTOP-ABC123\you). This call is required; the App will not open until activation succeeds.
Periodic validation: on each launch where more than 30 days have passed since the last successful check, the App sends your license key and a device instance ID to confirm your license is still active. If validation cannot be reached, the App continues running for up to 7 more days before requiring a successful check.
Deactivation (user-initiated): when you click 'Deactivate this computer' in Settings, the App sends your license key and instance ID to free the activation slot on your license.

No other network calls are made. The App has no telemetry, no crash reporting, no usage analytics, and no update checks. File scanning, hashing, and duplicate detection run entirely on your machine. Your files, file paths, and scan results are never transmitted anywhere.

Local data the App stores on your PC

To speed up repeat scans, the App stores two types of data on your own machine in the OS application-data directory:

Hash cache (hash-cache.sqlite): stores per-file path, size, modification time, and SHA256 hash so unchanged files are not re-read on subsequent scans. Entries are pruned automatically after 90 days.
Scan checkpoints (checkpoints/*.json): stores the file-walk state of an in-progress scan so a cancelled or crashed scan can resume. Deleted automatically when a scan completes normally.
License state (license.bin): stores your license key, a device instance ID assigned by Lemon Squeezy, the timestamp of the last successful validation, and your license status. This file is encrypted using a key derived from your Windows machine GUID (read from the system registry). It is never transmitted.

Neither file is ever transmitted anywhere. The hash cache and checkpoint files live under your OS application-data directory (for example, %APPDATA%\DoppelScanneron Windows). You can delete them at any time without affecting the App's core functionality; deleting the hash cache will simply cause the next scan to re-hash files from scratch.

Scan results

Duplicate groups, reclaimable space totals, and file paths found during a scan are held in memory for the duration of your session. They are never written to disk unless you choose to export a CSV file using the export function inside the App.

Permissions

The App reads only the folder you explicitly select through the native Windows folder picker, plus its own application-data directory where the hash cache and checkpoints are stored. It cannot open network connections and cannot access your clipboard or other OS resources beyond what is described in this policy. The App runs with your standard user permissions and never requests elevated (administrator) privileges.

5. How we use your information

We use the limited information we collect to:

Deliver and activate licenses you have purchased
Respond to support requests and bug reports
Maintain the security and performance of the Site
Comply with legal obligations

We do not use your information for advertising, profiling, or any purpose beyond what is listed above.

6. Data sharing and third parties

We do not sell your personal data. We share it only in these limited circumstances:

Lemon Squeezy (payment processor and license platform)

Purchases are processed by Lemon Squeezy, which acts as the Merchant of Record for all sales. Lemon Squeezy handles payment collection, tax compliance, and license key generation. When you purchase a license, Lemon Squeezy receives your payment details, email address, and billing information. We receive a transaction confirmation, your email address, and the license key assigned to your order.

Lemon Squeezy also operates the license API the App uses for activation and validation. When you activate the App, Lemon Squeezy receives and stores your license key and the device label you provide (your Windows machine name and username). This activation record is visible in our Lemon Squeezy dashboard and is used solely to manage how many devices your license is active on. Lemon Squeezy's privacy practices are governed by their Privacy Policy.

Web hosting provider

Our hosting provider processes server log data (including IP addresses) as part of operating the infrastructure that serves the Site. They act as a data processor on our behalf and are bound by contractual data processing terms.

Legal requirements

We may disclose your information if required by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety, or prevent fraud.

Business transfers

If DoppelScanner is acquired or merged with another company, your information may transfer to the acquiring entity. Where practicable, we will provide reasonable advance notice via the email address on file before your data becomes subject to a materially different privacy policy.

7. Data retention

We retain your personal data only as long as necessary for the purposes described in this policy:

Purchase records and license keys: retained for 7 years to comply with tax and accounting obligations.
License activation records (machine labels visible in our Lemon Squeezy dashboard): retained for the life of the license, then removed on deactivation or license revocation.
Support correspondence: retained for 3 years after the issue is resolved, then deleted.
Server log data: retained for 90 days, then deleted automatically.

You can request deletion of your data at any time by contacting us at support@doppelscanner.com. We will fulfill your request within 30 days except where retention is required by law.

8. Security

We apply commercially reasonable technical and organizational measures to protect the information we hold:

The Site is served over HTTPS with TLS 1.2 or higher.
We do not store full payment card data — that stays with Lemon Squeezy.
Access to purchase records and support correspondence is restricted to authorized personnel.
The App installer is distributed via a verified download link to reduce the risk of tampered binaries reaching users.
License state stored on your machine (license.bin) is encrypted with AES-GCM using a key derived from your Windows machine GUID, preventing casual copying of a license to another PC.

No method of transmission or storage is completely secure. If you believe your information has been compromised, contact us immediately at support@doppelscanner.com.

9. Your privacy rights

European Economic Area, UK, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) and applicable local law:

Access: request a copy of the personal data we hold about you.
Rectification: request correction of inaccurate or incomplete data.
Erasure: request deletion of your data in certain circumstances.
Restriction: request that we limit how we process your data.
Portability: receive your data in a structured, machine-readable format.
Objection: object to processing based on legitimate interests.
Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

Our legal basis for processing your purchase and support data is contractual necessity (Article 6(1)(b) GDPR). Our legal basis for retaining purchase records for tax purposes is legal obligation (Article 6(1)(c) GDPR).

To exercise any of these rights, email us at support@doppelscanner.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act gives you the following rights:

Know: request disclosure of the categories and specific pieces of personal information we have collected about you.
Delete: request deletion of personal information we hold, subject to certain exceptions.
Correct: request correction of inaccurate personal information.
Opt out of sale or sharing: we do not sell or share personal information, so this right does not apply, but you can still contact us to confirm.
Non-discrimination: we will not discriminate against you for exercising any of these rights.

To submit a verifiable consumer request, email us at support@doppelscanner.com with "CCPA Request" in the subject line. We will verify your identity and respond within 45 days.

Other regions

Residents of Canada, Australia, Brazil, and other jurisdictions with applicable privacy law may also contact us to exercise their rights. We will honor requests to the extent required by applicable law.

10. Children's privacy

The Site and the App are not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe we have inadvertently collected information from a child under 13, contact us at support@doppelscanner.com and we will delete it promptly.

11. International data transfers

Our service providers (web hosting and payment processing) may operate infrastructure in the United States or other countries. If you are located outside those countries, your information may be transferred to, stored, and processed in jurisdictions with data protection laws that differ from your own.

Where personal data is transferred from the EEA, UK, or Switzerland to a country without an adequacy decision, we take steps to ensure that appropriate safeguards are in place, such as selecting service providers that maintain Standard Contractual Clauses or equivalent transfer mechanisms with their customers.

12. Changes to this policy

We may update this policy from time to time. When we do, we will revise the effective date at the top of this page. For material changes, we will notify you by email (using the address associated with your license) at least 30 days before the change takes effect. Continued use of the Site or the App after the effective date constitutes acceptance of the updated policy.

13. Contact us

For privacy questions, data requests, or concerns, contact us at:

DoppelScannerEmail: support@doppelscanner.com
Website: doppelscanner.com

← Back to home