Download

Legal

Privacy Policy.

Last updated 12 May 2026

Circa is a macOS application operated by Haxhi Bekaj (“we”, “us”). This policy explains what personal data we collect when you visit this website or use the Circa app, why we collect it, and the rights you have over it. We aim to collect as little as possible.

1. Who we are

Circa is operated by Haxhi Bekaj, a sole proprietor. The data controller for the purposes of GDPR and similar regulations is Haxhi Bekaj. You can reach us at support@haxhibekaj.dev.

2. Data we collect

When you visit this website. Our hosting provider records standard server logs (IP address, user agent, requested URL, timestamp) for security and abuse prevention. These logs are kept for up to 30 days and are not used to profile you.

When you buy Circa. Checkout is processed by Paddle, our Merchant of Record. Paddle collects your name, email address, billing address, payment details and tax information. We never see your card details. Paddle shares your email and country with us so we can issue a license key, provide support, and meet our tax obligations. Paddle’s own privacy notice is available at paddle.com/legal/privacy.

When you use the app. Circa runs locally on your Mac. Your slots, profiles, shortcuts and scripts stay on your device. The app does not include analytics, telemetry, or background trackers.

Permissions Circa asks for on your Mac. To work as a radial launcher, Circa needs macOS to grant it a small set of system permissions. We only use them for the purposes listed below and nothing is sent off your Mac.

  • Accessibility. Required so Circa can deliver the keystrokes and shortcuts you bind to each slot. The permission is used to send the input you configured — never to read what you type into other apps.
  • Input Monitoring / HID. Required so Circa can detect the hold-to-open hotkey and listen for button events from supported Human Interface Devices (for example, a Logitech MX side button). The HID listener filters for the device and button you assigned and ignores everything else. No keystrokes, mouse movements, or device payloads are stored or transmitted.
  • Automation / Apple Events. Required when you bind a slot to a Shortcut, AppleScript, or another app. macOS prompts you the first time a specific target app is invoked. Circa only triggers the action you configured.

You can review or revoke any of these at any time in System Settings → Privacy & Security. Revoking a permission will disable the corresponding feature but will not delete your slots or profiles.

License activation. When you paste your license key into the app, we record the key, an opaque machine identifier, and the activation timestamp so we can enforce the per-license activation cap. The machine identifier is a hash — it is not your serial number, MAC address, or name.

Auto-updates. The app checks for a new version once every 24 hours by requesting an XML feed from this website. That request is a normal HTTPS call — we receive only the standard server-log fields described above.

Support email. If you email us, we keep the message so we can answer follow-ups and improve the product.

3. Why we use your data

  • To fulfil your purchase and deliver your license key (contract).
  • To enforce license activation caps and prevent abuse (legitimate interest).
  • To answer your support emails (contract / legitimate interest).
  • To meet tax, accounting, and consumer-protection obligations (legal obligation).
  • To keep the website and update feed running securely (legitimate interest).

4. Who we share it with

We share the minimum personal data necessary with the following processors:

  • Paddle — payments, invoicing, tax handling, and fraud prevention as our Merchant of Record.
  • Email delivery — transactional email provider that sends your license key and order receipts.
  • Hosting — the cloud provider that runs this website and the license API.

We do not sell your personal data and we do not share it with advertisers or data brokers.

5. Where we store it

License records are stored on servers located in the European Union. Paddle may process payment data in the United States and the United Kingdom under appropriate safeguards (Standard Contractual Clauses).

6. How long we keep it

  • Server logs: up to 30 days.
  • Order and license records: as long as the license is active, plus the period required by tax law (typically up to 10 years).
  • Support emails: up to 24 months from the last reply.

7. Your rights

Depending on where you live, you have the right to access a copy of your data, correct it, delete it, restrict how we use it, object to processing, and receive it in a portable format. You also have the right to lodge a complaint with your local data-protection authority. To exercise any of these rights, email us at support@haxhibekaj.dev. We respond within 30 days.

For payment data held by Paddle, you can also contact Paddle directly using the details in their privacy notice.

8. Cookies

This website does not use advertising or analytics cookies. Paddle’s checkout sets a small number of cookies that are strictly necessary to process your payment securely. The website itself uses a session cookie only when you sign in to the (optional) account area.

9. Children

Circa is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with data, email us and we will delete it.

10. Changes to this policy

If we make material changes, we will update the date at the top of this page and, where required, contact you. The current version is always available at this URL.

11. Contact

Questions, complaints, or data requests: support@haxhibekaj.dev.

Questions? support@haxhibekaj.dev