We don't collect what we don't need.
1. Who we are
AutoHelpKey is a product of Resonant Labs LLC ("we," "us," "our"). This privacy policy covers the AutoHelpKey desktop application for macOS (and Windows, when released), this website (resonantlab.ai/autohelpkey), and any related communications.
If you have questions about this policy, email support@resonantlab.ai.
2. The data AutoHelpKey processes — and where it goes
| What it touches | Where it goes |
|---|---|
| Flow definitions you create (blocks, hotkeys, sequences) | Stored locally in ~/Library/Application Support/AutoHelpKey/. Never uploaded. |
| Keystrokes the app sends to other apps | Generated locally. Never logged, never transmitted. |
| Clipboard contents (only if your flow uses a clipboard block) | Read in-memory, used by the flow, discarded. Never transmitted. |
| Window titles + active app names (for window-match triggers) | Read in-memory only. Never logged, never transmitted. |
| Screen contents | Not read at all. AutoHelpKey doesn't take screenshots, OCR, or scrape pixels. |
| PHI (patient names, MRNs, study IDs, dictation text) | Touched only inside your machine, only via the flows you build. Never leaves the device. |
3. The data we collect about you
We try to collect as little as possible. Here is the full list:
3.1 Account & license data
- Email address (only if you buy a paid tier or join the waitlist) — to deliver your license key and product updates.
- License key — generated on our side, stored on your device. Validated offline via cryptographic signature, no phone-home required.
- Payment metadata — handled by Stripe. We never see or store your full card number. Stripe's privacy policy: stripe.com/privacy.
3.2 Optional product analytics
If — and only if — you opt in via Settings → Analytics, AutoHelpKey sends us:
- App version, OS version, locale
- Aggregate usage counts: total flows created, total triggers fired, total session duration
- Anonymous install ID (random UUID, generated once, can be reset)
We never send: flow names, flow contents, hotkey assignments, keystrokes, clipboard data, window titles, app names, screen contents, file paths, or anything else that could identify what you do or who you do it for. The analytics toggle is off by default.
3.3 Crash reports
If AutoHelpKey crashes, we may collect a crash report containing the stack trace, app version, and OS version. Crash reports are scrubbed of file paths and user data before transmission. You can disable crash reporting in Settings.
3.4 Website data
The resonantlab.ai/autohelpkey site does not run analytics. No Google Analytics, no Facebook Pixel, no Mixpanel/Hotjar/Segment/PostHog, no fingerprinting, no tracking cookies, no session-replay tools, no ad pixels of any kind. Standard server access logs (request timestamps, IPs, user agents) are kept by our hosting providers (Vercel and Cloudflare) for short retention windows for security and operations purposes — these are not visible to us as user-level analytics.
4. HIPAA & healthcare data
AutoHelpKey is designed to be safe to use in clinical settings by architecture:
- The application has no backend service. There is no path by which PHI could be transmitted to us, even accidentally.
- AutoHelpKey sends synthetic input (keystrokes, clicks). It does not capture or read screen contents, OCR images, or extract data from clinical applications.
- If your flow reads from the clipboard, the data is processed in-memory by your local OS APIs and discarded. We have no visibility into it.
- Optional analytics and crash reports are explicitly engineered to exclude any field that could carry PHI.
For institutional buyers, a Business Associate Agreement (BAA) is available on request. The BAA is short because there is no PHI for us to safeguard — we never have it.
You remain the data custodian under HIPAA. AutoHelpKey is a tool that operates entirely within your trust boundary.
5. How we use the data we do collect
- Email: deliver licenses, send critical security or product update notices, respond to support requests. We do not sell or share email addresses with anyone.
- Payment metadata: process subscriptions and renewals via Stripe.
- Optional analytics: understand which features are used so we can improve the product. Aggregate only.
- Crash reports: diagnose and fix bugs.
6. Sharing & third parties
We share data only with the minimum third-party services required to operate the product:
- Stripe — payment processing
- Email provider (transactional only, e.g. Resend or Postmark) — license delivery + critical notices
- Apple notarization service — for signing macOS releases (no user data is sent here; only our own builds)
We do not sell, rent, or trade personal information. We do not share data for advertising. We do not use third-party analytics or tracking pixels on our website or in the app.
7. Retention
- Account/email: retained as long as you have an active license, plus 24 months for tax and accounting records, then deleted.
- Payment metadata: retained per Stripe's policies and applicable financial regulations.
- Crash reports / analytics: retained 90 days, then aggregated and individual records deleted.
- Local data on your device: retained until you delete it. Uninstalling AutoHelpKey via the included uninstaller removes all locally stored flows and settings.
8. Your rights
Depending on where you live (GDPR, CCPA, and similar), you have the right to:
- Access the personal data we hold about you
- Request correction or deletion
- Export your data in a portable format
- Withdraw consent for optional analytics at any time
- Opt out of marketing emails (transactional emails like license delivery may still be sent)
Send requests to support@resonantlab.ai. We respond within 30 days.
9. Security
The app's biggest security feature is also our smallest attack surface: most of your data never leaves your machine, so most categories of breach are simply not possible. For the data we do hold (emails, license records):
- Stored with reputable U.S. providers (Stripe, our email provider) that maintain SOC 2 / ISO 27001 controls.
- Access is limited to founder-level staff on a need-to-know basis.
- Communication is encrypted in transit (TLS 1.2+) and at rest.
- License keys are validated cryptographically (Ed25519 signatures) — no plaintext secret is exposed.
10. Children
AutoHelpKey is a workplace productivity tool. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with information, contact us and we'll delete it.
11. Changes to this policy
We will revise this policy when our practices change. The "Last updated" date at the top reflects the current version. Material changes (anything that expands what we collect or how we share it) will be communicated by email to active customers at least 30 days before they take effect.
12. Contact
Resonant Labs LLC
Privacy: support@resonantlab.ai
Support: support@resonantlab.ai