Privacy
Short version: Noxen the app does not collect anything about your homelab. The marketing website (this one) uses Google Analytics to count page views. That's it.
Noxen the application
Noxen is a Mac-native scanner that runs on your machine. It never transmits your host inventory, scan findings, SSH keys, credentials, or any data about the boxes you scan to any server we control. The only outbound network traffic from the app is:
- Feed poll: once per 24 h Noxen GETs
https://feed.noxen.app/manifest.jsonand the referenced signed CVE snapshot. This request contains no identifying information beyond a standard User-Agent string. - Auto-update check: once per 24 h Sparkle GETs
https://noxen.app/appcast.xml. - License activation (optional): if you activate a paid licence, the key is validated via
metrics.noxen.app/paddle/v1/licenses/*, our Cloudflare Worker that holds the licence ledger. The validation request includes only your licence key and an instance identifier (a random UUID generated on first activation, used to count seats). It does not include scan data, host names, or anything from your fleet. - SSH / TCP / HTTP traffic to your hosts: initiated by you, aimed at machines you enrol. Nothing leaves your network.
Scan data storage
Host catalogs, inventories, scans, and findings live in SwiftData on your Mac. CloudKit sync via Apple's private database is wired into the app but disabled in v1.0; when it is re-enabled alongside the iOS view-only companion, the records will sync through your own Apple account — encrypted in transit and at rest, visible only to you. We never see this data.
SSH credentials (passwords, private keys, passphrases) live in the macOS Keychain and are never synced via CloudKit, even when sync is on.
This website (noxen.app)
We use Google Analytics 4 (property
G-PCP27L8WCJ) to count visits and understand which
pages people read. We have enabled the following GA4 features:
- Standard measurement: page views, sessions,
coarse geolocation (country / city), referrer, device class,
browser/OS, and the bounce/scroll signals GA4 derives from
them. IP addresses are truncated before storage
(
anonymize_ip+ GA4's built-in IP-handling). - Custom event tagging: file downloads (DMG),
video plays (demo video), checkout interactions
(
begin_checkouton a pricing CTA click,purchaseon completion), and waitlist sign-ups. Event payloads record the price ID, transaction ID, and currency / amount; they do not include your name, email address, or card details — those go to Paddle directly without touching our analytics pipe. - Google Signals (cross-device & demographics): when visitors are signed in to a Google account that has opted in to ads personalisation, GA4 may aggregate visits across their devices and infer coarse demographics (age range, gender, broad interest categories). We use this only to size the audience reading our blog content. We do not run retargeting ads, build audience lists for ad platforms, or share data with advertisers.
Your rights and how to opt out.
- Universal browser-level opt-out: install the
official Google Analytics Opt-out Browser
Add-on, or use Safari's Intelligent Tracking Prevention
(on by default), or any ad blocker that blocks
googletagmanager.com. - Disable Google Signals personalisation: manage your Google-account-wide ads-personalisation setting at adssettings.google.com. Turning this off prevents GA4 from receiving cross-device or demographic signals about you specifically.
- Access / deletion / portability: email hello@noxen.app with the approximate visit date and we will request deletion of any associated GA4 records via Google's user-data deletion API. We do not store these records ourselves outside of GA's reporting interface, so the deletion completes when Google processes the request.
We use Cloudflare for hosting (DNS, CDN, Workers, Pages). Cloudflare's privacy policy applies to in-flight traffic. Noxen stores no visitor PII beyond what GA collects.
No cookies are set for advertising, retargeting, or third-party
tracking purposes beyond GA's own first-party cookies
(_ga, _ga_*). We do not use Google Ads,
Meta Pixel, or any other ad-tech tag.
Payments
Paddle.com Market Limited (paddle.com privacy policy) is the merchant of record for every paid Noxen tier. When you purchase Noxen 1.x, Maintenance, Live Feed, or MSP / Team, Paddle — not Noxen — collects your payment details, processes the card transaction, charges applicable sales tax / VAT / GST, and issues the invoice. Noxen receives from Paddle:
- The transaction ID, customer email, country, and purchased product/price IDs (so we can mint a license key and email it to you).
- Subscription lifecycle events — activated, updated, canceled, paused, resumed — for any recurring tier you buy.
- Refund / chargeback notifications, so we can mark the license appropriately.
We never receive your full card number, billing address, cardholder name, or CVV — those stay between you and Paddle. Paddle's privacy policy and terms of service govern that relationship; the relevant excerpts are at paddle.com/legal/privacy and paddle.com/legal/buyer-terms.
Once Paddle delivers a license-key issuance webhook, the key
is stored in our Cloudflare Workers KV namespace
(METRICS) under
paddle:license:<KEY>. Each record contains
your customer email (so we can resend the key on request),
the tier, the price + transaction IDs, and a list of activated
Mac instances (random UUID + a "Unnamed Mac" or
user-supplied label per slot). License records are kept for
the lifetime of your access to that tier; on refund or
cancellation the record is marked accordingly but retained
for accounting purposes.
If you want your license record deleted (because you've stopped using Noxen and want a clean slate), email us — we'll delete the KV record after confirming there's no outstanding subscription or refund window.
Contact
hello@noxen.app for any privacy question.