DeadStick Digital LLC Engineered for edge cases Contact
Legal

Privacy Policy

This policy explains what information DeadStick Digital LLC collects, how we use it, and the rights you have over your data. It covers our website and every app we publish, including ClawMelt, BillingBird, CarrierPigeonVPN, and Pitot.

Effective date: April 16, 2026 · Last updated: June 5, 2026

Contents

  1. 1. Plain-English summary
  2. 2. Who this applies to
  3. 3. What we collect
  4. 4. How we use information
  5. 5. How we share information
  6. 6. Retention
  7. 7. Your rights (CCPA, GDPR)
  8. 8. Children's privacy
  9. 9. Security
  10. 10. App-specific notes
  11. 11. Changes to this policy
  12. 12. How to contact us
Short version. DeadStick Digital does not sell your data, does not embed third-party analytics or advertising SDKs, and does not maintain user accounts on our servers. Wherever possible, our apps keep your content on your own device or in a cloud account you already control (iCloud, Google Drive).

1. Plain-English summary

We are an independent software studio. Our business model is simple: you pay us for an app, or you don't. Either way, we don't need to know very much about you. The only information we handle is what's strictly necessary to (a) let the app do what you asked it to do, (b) fulfil a paid transaction, or (c) respond to you when you email us.

2. Who this applies to

This policy applies to DeadStick Digital LLC, a Wyoming limited liability company ("DeadStick", "we", "us"), and to these properties:

  • The website at www.deadstick.net
  • ClawMelt — a one-stop desktop training platform for large language models
  • BillingBird — an iOS and Android invoicing and receipt app
  • CarrierPigeonVPN — a paired-device networking app for macOS, Windows, tvOS, iOS, and Android
  • Pitot — a self-contained document scanner and vault

Section 10 describes any data handling that is unique to a specific app. The rest of this policy applies to all of them.

3. What we collect

3.1 Information you provide directly

  • Email correspondence. If you email us, we receive your email address, your message, and any attachments. We keep the thread so we can support you.
  • Purchase information. When you buy one of our apps on the Apple App Store or Google Play, the platform handles the transaction. We receive only the anonymized purchase receipt required to validate your purchase — not your credit card, address, or real name.

3.2 Information collected automatically

  • Website server logs. Our website host records standard access logs (IP address, timestamp, requested URL, referrer, user agent) for up to 30 days for abuse prevention and debugging. These logs are never joined to any profile.
  • Crash reports. If an app crashes, Apple or Google may share anonymized crash reports with us via App Store Connect / Play Console. You can opt out of this in your device's Privacy settings. We use these solely to fix bugs.

3.3 Information we do not collect

We do not operate advertising SDKs, behavioural analytics, user accounts on our servers, location tracking, contact-list access, or any form of device fingerprinting. We do not sell or rent any information to third parties.

4. How we use information

We use the limited information we do collect for the following purposes, and no others:

  • Providing the functionality of the app you installed;
  • Validating your purchase and enabling paid features you have bought;
  • Replying to your support email;
  • Diagnosing crashes and fixing bugs;
  • Complying with legal obligations (tax, export, court orders).

5. How we share information

We share information only with the small set of service providers that are strictly necessary to run our business:

  • Apple Inc. and Google LLC — for App Store / Play Store distribution and payment processing.
  • Our email provider — for receiving and replying to messages you send us through our contact form.
  • Our contact-form provider (Web3Forms) — receives submissions from the message form on our website and forwards them to us by email. Submissions include the name, email address, topic, and message you type in, plus your IP address and a bot-check result, which Web3Forms uses only for spam prevention.
  • Our website host — for serving www.deadstick.net.

We do not share information with advertisers, data brokers, or analytics networks. We may disclose information if required by law, by valid legal process, or to protect the rights, property, or safety of DeadStick Digital, our users, or the public.

6. Retention

We retain email correspondence for as long as needed to provide continuing support and to satisfy our tax and accounting obligations. Server access logs are rotated within 30 days. Anonymized crash reports are kept for up to 12 months.

7. Your rights (CCPA, GDPR, and similar laws)

Depending on where you live, you may have the right to:

  • Access — request a copy of the personal information we hold about you;
  • Rectification — request correction of inaccurate information;
  • Erasure ("right to be forgotten") — request deletion of the information we hold about you. Because we hold so little, most erasure requests can be completed immediately; see our dedicated data deletion page for the specific steps per app;
  • Restriction and objection — object to or restrict our processing of your information where a lawful basis permits;
  • Portability — receive the information you provided to us in a portable, machine-readable format;
  • Withdraw consent — where we rely on consent, you may withdraw it at any time without affecting processing done before withdrawal;
  • Complaint — lodge a complaint with your local supervisory authority (for EEA / UK residents, this is your national data protection authority).

To exercise any of these rights, send us a message through the contact form and select Privacy request as the topic, or write to the postal address in Section 12. We will respond within 30 days (45 days for CCPA requests, extendable once by a further 45 days where permitted). We do not charge a fee for reasonable requests and will not discriminate against you for exercising any right.

7.1 California residents (CCPA / CPRA)

In the preceding twelve (12) months we have not sold personal information and we have not shared personal information for cross-context behavioural advertising, as those terms are defined under the California Consumer Privacy Act as amended by the California Privacy Rights Act. Because we do not sell or share, we are not required to provide a "Do Not Sell or Share My Personal Information" link, but this statement serves as our public acknowledgement.

California residents may designate an authorised agent to submit requests on their behalf. We will verify the agent's authorisation before acting on the request.

7.2 EEA, UK, and Swiss residents (GDPR / UK GDPR)

The controller of your personal information for GDPR purposes is DeadStick Digital LLC, at the address in Section 12. The lawful bases on which we rely are (a) performance of a contract when you buy or use one of our apps, (b) legitimate interests in replying to correspondence, preventing abuse of our website, and improving our products, and (c) consent where we ask for it explicitly. We do not engage in solely automated decision-making or profiling that produces legal effects. We do not transfer personal information outside the United States except as necessary to reply to you if you are messaging us from abroad; in that case we rely on standard contractual protections provided by our email and form providers.

8. Children's privacy

Our apps are designed for general audiences and are not directed to children. Specifically:

  • We do not knowingly collect personal information from children under 13 (United States — Children's Online Privacy Protection Act).
  • We do not knowingly collect personal information from children under 16 (European Economic Area and United Kingdom — Article 8 GDPR / "GDPR-K"), or the lower minimum age where an individual member state has set one.

None of our apps have social features, user-generated content visible to other users, or accounts. If you are a parent or guardian and believe a child has provided us with personal information, please contact us using the details in Section 12 and we will delete it.

9. Security

We take reasonable measures to protect information in transit (TLS 1.2+) and at rest, and we review our practices regularly. However, no method of electronic storage or transmission is 100% secure. If we become aware of a security incident that affects you, we will notify you in accordance with applicable law.

10. App-specific notes

10.1 ClawMelt

ClawMelt performs all model loading, dataset handling, and training on your own computer. No training data, prompts, checkpoints, or logs are ever transmitted to DeadStick Digital. When you choose to download a base model or dataset from a third-party source (such as Hugging Face), that connection is made directly from your computer to that third party under their own privacy policy.

10.2 BillingBird

BillingBird stores your clients, invoices, receipts, and business data in a local on-device database. For BillingBird's iOS App Store release, DeadStick Digital does not collect data from the app. Client records, invoices, receipts, attachments, reports, and settings remain on the device unless the user chooses to export, share, or sync them through their own iCloud account. DeadStick Digital does not receive, read, or store BillingBird app data.

Google Drive sync may be available on some platforms or future releases. The current iOS App Store release uses local storage and optional iCloud sync only. When you choose to sync through a supported cloud provider, your data is encrypted in transit and stored in your own cloud account under that provider's privacy policy. DeadStick Digital does not operate a server that can read your BillingBird data.

10.3 CarrierPigeonVPN

CarrierPigeonVPN establishes a WireGuard tunnel directly between your receiving device (Mac, PC, or Apple TV) and your own paired phone. Traffic is not routed through any DeadStick-operated server and we have no visibility into the contents, destinations, or metadata of your network traffic. Local configuration (WireGuard keys, paired device identifiers) is stored on your devices in the system keychain.

VPN commitment. As required by Apple's App Store Review Guideline 5.4 and Google Play's VpnService policy, DeadStick Digital LLC does not sell, use, or disclose to third parties any data collected by CarrierPigeonVPN, and will not use the VPN tunnel to manipulate ads or track users for advertising, marketing, or analytics purposes. CarrierPigeonVPN is provided by DeadStick Digital LLC, an organization-enrolled developer, and the app's VPN capabilities are used only to carry the user's own traffic between their paired devices.

10.4 Pitot

Pitot stores scanned documents, page images, OCR text, translations, generated PDFs, annotations, folders, tags, and search indexes in a local document vault on your device by default. Those documents may include sensitive personal records such as passports, driver's licenses, IDs, receipts, and forms. Pitot does not require a DeadStick-operated server to scan, organize, search, translate, or export your documents. Private sync through your own iCloud or Google Drive storage may be offered in later versions; those providers' own terms and privacy policies will apply to that optional sync.

11. Changes to this policy

If we change this policy in a way that affects how we treat your information, we will update the "Last updated" date at the top of this page and, where required, notify you in the relevant app or by email. Continued use of the apps after the effective date means you accept the revised policy.

12. How to contact us

For any privacy question, request, or complaint, contact:

DeadStick Digital LLC
Attn: Privacy
c/o Republic Registered Agent LLC
5830 E 2nd St, Ste 7000
Casper, WY 82609, USA
Contact: deadstick.net message form
Web: www.deadstick.net