Privacy Policy

A production-grade privacy policy for a local-first remote control product, covering account data, remote sessions, diagnostics, payments, marketplace disclosures, data rights, retention, and security.

Document status

Effective: May 11, 2026
Last updated: May 11, 2026

Remote screen sessions are not recorded by default, and session content is not used for AI training.

Apple and Stripe payment details stay with the payment processors; full card numbers are not stored by us.

Any marketplace privacy label should be kept aligned with the final SDKs, diagnostics, billing, and support stack.

Privacy baseline

Overview and Scope

This Privacy Policy explains how Direct Control Lab collects, uses, shares, stores, and protects information when you use our websites, desktop host apps, mobile controller apps, browser controller, remote-session infrastructure, support surfaces, billing flows, and related services.

The product is designed around a local-first remote control model. Direct peer-to-peer routes are preferred when available. Relay, signaling, billing, support, diagnostics, and account services may still process information needed to deliver the service, secure accounts, prevent abuse, and support customers.

This policy is intended to be consistent with platform privacy review expectations, including accurate public privacy disclosures. Any marketplace privacy label must match the final app, SDKs, analytics, payment processors, support tooling, and production infrastructure actually used at launch.

We do not sell personal information.
We do not record remote screen sessions by default.
We do not use remote screen content, files, keystrokes, or session media to train AI models.
We do not track users across other companies' apps or websites unless a separate App Tracking Transparency consent flow is shown and accepted where required.
We only ask for device permissions that are needed for the feature the user is trying to use.

Data categories

Information We May Collect

The categories below describe the information we may collect directly, automatically, or through service providers. Not every category applies to every user or platform. Some information is collected only if you create an account, start a session, contact support, buy a subscription, enable diagnostics, or grant an operating-system permission.

Account data

Linked to you when an account exists.

Name, email address, account ID, authentication provider ID, profile settings, recovery state, subscription entitlement, device associations, and account security events.

Contact data

Used for support and notices.

Email address, support messages, feedback, troubleshooting files you choose to provide, and communication preferences.

Device data

May be linked to account or device.

Device model, operating system, app version, browser version, screen size, capture settings, permission state, locale, time zone, and device identifiers needed to deliver sessions and prevent abuse.

Session metadata

Used for reliability and security.

Session ID, host/controller role, connection route, TURN or relay use, timestamps, approximate IP-derived region, latency, bitrate, packet loss, disconnect reason, crash reports, and quality metrics.

Screen and control data

Real-time session data.

Remote screen media, optional audio, pointer movement, keyboard input, clipboard events if enabled, and control commands needed to operate a remote session. This data is processed to deliver the live session and is not intentionally stored as a recording by default.

Billing data

Apple or Stripe may process payment details.

Plan selected, product ID, price, renewal status, transaction ID, subscription receipt metadata, tax country, refund or chargeback state, and limited payment processor references. We do not store full card numbers.

Website data

Used for site operations.

IP address, user agent, referrer, pages visited, timestamps, cookie or local storage identifiers, and security logs generated when you visit the website or legal pages.

Diagnostics

Used to fix defects.

Crash logs, performance traces, network checks, feature flags, error messages, build version, and host/controller compatibility information.

Session privacy

Remote Screen, Audio, Clipboard, and Control Data

Remote control products can expose sensitive on-screen information. You should only start a session on devices you own or are authorized to control, and you should close sensitive windows before sharing or controlling a host device.

When a session is active, screen media and control events may travel directly between the host and controller through encrypted WebRTC channels. If a direct route is not possible, traffic may pass through a relay so the session can work on restrictive networks. Relay routing does not change our default position that we do not intentionally store session recordings.

If optional features such as clipboard sync, file transfer, microphone audio, system audio, diagnostics export, or support-assisted troubleshooting are added or enabled, those features may process additional data. The app should present clear controls before those features are used.

Screen capture permissions are controlled by the operating system and can be revoked in system settings.
Accessibility or input-control permissions may be required on macOS for keyboard, pointer, or automation control.
Camera access may be requested only for features such as scanning a controller QR code.
Microphone or system-audio permissions should be requested only if the user enables audio features.
Clipboard sync, file transfer, and support diagnostics should be optional and visibly controlled by the user.

Purposes

How We Use Information

We use information to operate the service, make sessions work across networks, secure accounts and devices, process payments, provide support, comply with law, and improve reliability. We do not use personal information for unrelated advertising profiles.

Create, authenticate, maintain, and secure accounts.
Start, route, reconnect, and end remote sessions.
Measure latency, packet loss, crashes, and compatibility issues.
Provide subscription access, restore purchases, prevent fraud, and process refunds or disputes.
Respond to support, privacy, legal, and security requests.
Detect abuse, unauthorized access, suspicious sessions, and violations of our terms.
Maintain audit logs needed for safety, billing, compliance, and dispute resolution.
Develop product improvements using aggregated or de-identified reliability metrics.

EU, UK, and similar laws

Legal Bases for Processing

Where privacy laws require a legal basis, we rely on one or more of the following bases depending on the context.

Contract

To provide the app, remote sessions, accounts, subscriptions, support, updates, and requested features.

Legitimate interests

To secure the service, prevent abuse, improve reliability, debug crashes, respond to support, and protect users, provided those interests are not overridden by user rights.

Consent

For optional diagnostics, marketing communications, certain cookies, App Tracking Transparency where applicable, and device permissions that require user approval.

Legal obligations

To maintain tax and accounting records, respond to lawful requests, enforce legal rights, and comply with consumer, privacy, and security laws.

Billing privacy

Payments and Apple Purchases

Payment processing depends on where the purchase occurs. Web subscriptions may be processed by Stripe. Apple subscriptions and in-app purchases are processed through Apple and managed through the user's Apple account.

We receive limited billing information needed to provide access, confirm entitlement, prevent fraud, handle support, and comply with tax and accounting requirements. We do not receive or store full credit card numbers from Apple or Stripe.

Apple subscription cancellation, renewal, refund, and family sharing controls are managed through Apple.
Stripe billing controls apply to web purchases and may include a billing portal or receipt link.
Deleting a Direct Control Lab account does not automatically cancel an Apple subscription; Apple subscriptions must be canceled in Apple account settings.

Storage limits

Retention

We keep information only for as long as reasonably needed for the purposes described in this policy, unless a longer period is required or permitted by law. Retention periods vary by data type, account status, security need, and legal requirement.

Account records

Usually retained while the account is active and for a limited period afterward for backup, fraud prevention, support, legal, and accounting needs.

Billing records

Retained for tax, accounting, audit, refund, dispute, and compliance purposes, often for several years as required by law.

Diagnostics and logs

Generally retained for a shorter operational period unless needed for security, debugging, abuse prevention, or legal compliance.

Support records

Retained while needed to resolve the request and maintain an accurate support history.

Session recordings

Not intentionally stored by default. If a future recording feature is offered, it should be opt-in and governed by additional controls.

Control

Your Privacy Rights and Choices

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or export personal information. You may also have the right to withdraw consent, opt out of certain sharing, or appeal a privacy decision.

To make a request, use the privacy choices page or contact support@compcontroll.org. We may need to verify your identity before fulfilling certain requests. We will respond within the time required by applicable law.

You can revoke operating-system permissions such as screen recording, accessibility, camera, microphone, and local network access in device settings.
You can cancel Apple subscriptions through Apple account subscription settings.
You can cancel web subscriptions through the billing flow or support channel provided for the web plan.
You can request account deletion. If manual verification is required, we will explain the expected timeline.
You can opt out of marketing emails by using the unsubscribe link or contacting support.

California and similar laws

U.S. State Privacy Notice

Residents of California and other states with comprehensive privacy laws may have additional rights depending on the law that applies to the business, the user, and the data. This section is intended to provide a practical notice for U.S. privacy requests even where a specific law may not yet apply to us by threshold.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising unless a separate disclosure and required opt-out or consent path is provided. We do not knowingly sell or share personal information of children.

Categories collected

Identifiers, account information, contact information, device and internet activity information, commercial information such as subscription status and receipts, approximate location from IP address, diagnostics, support communications, and sensitive permission-related data when needed for remote control features.

Sources

You, your devices, your browser, app permissions, payment processors, platform providers, support communications, security logs, and service providers.

Purposes

Provide remote sessions, accounts, billing, support, security, fraud prevention, diagnostics, legal compliance, product reliability, and customer communications.

Disclosures

Service providers and processors such as hosting, signaling, relay, payment, support, analytics, diagnostics, security, legal, tax, and platform providers may process information for the purposes described in this policy.

Request methods

Use https://compcontroll.org/privacy-choices or email support@compcontroll.org. Online-only requests may be handled by email and web forms where allowed by law.

Protection

Security Measures

We use administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, and disclosure. No internet service can guarantee absolute security, and remote control software depends on safe user behavior, secure devices, and protected credentials.

HTTPS for website and API traffic.
Encrypted media and control channels for WebRTC sessions where supported by the protocol.
Access controls, least-privilege permissions, and operational logging for production systems.
Session identifiers and tokens designed to limit access to the intended host and controller.
Abuse monitoring, rate limits, and security review for sensitive flows.
Incident response procedures for suspected unauthorized access or data exposure.

Age limits

Children

The service is not directed to children under 13, and it is not intended for child-directed marketplace categories. If a higher age threshold applies in your country or region, you must meet that threshold or use the service only with appropriate parent or guardian involvement.

We do not knowingly collect personal information from children in a way that requires verifiable parental consent. If you believe a child provided personal information, contact us so we can review and delete it where required.

Global operation

International Transfers

We may process information in the United States and other countries where we or our service providers operate. Those countries may have privacy laws that differ from the laws where you live.

Where required, we use appropriate safeguards for international transfers, such as contractual protections, provider due diligence, and transfer mechanisms recognized by applicable law.

Questions

Changes and Contact

We may update this policy as the product, legal requirements, marketplace disclosures, infrastructure, or data practices change. The date at the top of the policy shows when it was last updated.

Questions, privacy requests, security reports, and complaints can be sent to support@compcontroll.org. You may also use the support page at https://compcontroll.org/support.