Privacy Policy

This Privacy Policy describes how Worp collects, uses, and protects information when you use the Worp iOS app, Worp Mac app, and the worp.sh website.

Worp is operated by Chanhyeok Kim ("Owner", "we", "us"), based in the Republic of Korea.

1. Information We Collect

a) Account information (via Sign in with Apple)

• Email address (or Apple's private relay alias, if you choose)
• Display name (if you provide one)
• A stable, anonymous user identifier provided by Apple

b) Device information

• Device name (e.g., "John's iPhone")
• Platform (iOS or macOS)
• Date when the device was paired with your account

c) Pairing keys

• ECDSA P-256 public key, used to authenticate secure peer-to-peer connections between your iPhone and Mac

d) Operational logs

• Service events such as connection establishment, session attach, and errors
• Retained for up to 30 days, used for debugging and abuse prevention

e) Session group metadata (local only)

• Group names and session-to-group assignments
• Stored only on your Mac (~/.worp/run/session-groups.json); never transmitted to our servers

2. How We Use Your Information

• To authenticate you (Sign in with Apple)
• To establish secure peer-to-peer connections between your iPhone and Mac
• To detect and prevent abuse of the service
• To investigate and resolve technical issues

We do not sell your data. We do not use your data for advertising. We do not use third-party analytics.

3. Third-Party Services

Worp uses the following third-party services. Each is subject to its own privacy policy.

• Apple Inc. — Sign in with Apple. Apple Privacy Policy
• Cloudflare, Inc. — TURN servers (peer-to-peer connection NAT traversal) and worp.sh website hosting (Cloudflare Pages). Cloudflare Privacy Policy
• Sparkle Project — Mac app auto-update framework. Sparkle communicates with our release server to check for updates; no personal data is shared.

4. Legal Basis (GDPR)

If you are in the European Economic Area or the United Kingdom, our legal bases for processing your data are:

• Consent — for Sign in with Apple email and display name
• Contract — for data necessary to provide the service (pairing keys, account information)
• Legitimate interests — for operational logs (debugging and abuse prevention)

5. Data Retention

• Operational logs: 30 days
• Account data: For as long as your account is active
• Pairing keys: Until you unpair the device
• You may request account deletion at any time via the contact email below.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access your personal data
• Correct inaccurate data
• Delete your data (right to erasure / right to be forgotten under GDPR)
• Object to processing
• Data portability
• Withdraw consent at any time
• Opt-out of the "sale" of personal information (CCPA) — note: Worp does not sell personal data

Residents of the Republic of Korea have equivalent rights under the Personal Information Protection Act (PIPA).

To exercise any of these rights, please contact us at [email protected].

7. Children's Privacy

Worp is not intended for users under 13 years of age. Sign in with Apple requires users to be 13 or older. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

8. International Data Transfers

Worp's signaling server is hosted in Tokyo, Japan (Fly.io, region nrt). If you use Worp from outside Japan (including South Korea, the EU, the US, or elsewhere), your data may be transferred to Japan for service operation.

We rely on the following mechanisms for cross-border transfers:

• Standard Contractual Clauses (SCCs) for transfers from the European Economic Area
• Japan-EU adequacy decision (where applicable)
• APEC Cross-Border Privacy Rules (CBPR) for Asia-Pacific transfers

Sign in with Apple data flows through Apple Inc. servers (United States). Cloudflare TURN and Pages services route data through Cloudflare's global edge network; data is used only to facilitate peer-to-peer connectivity and website delivery.

9. Cookies and Local Storage

• Mobile apps (iOS). Worp's iOS app operates within Apple's sandbox and does not use traditional cookies.
• Mac app. Local preferences and credentials are stored in the macOS Keychain and the standard application support directory. No cookies are used.
• Website (worp.sh). Uses only Cloudflare's essential bot management cookie (__cf_bm) for security. We do not use tracking, analytics, or advertising cookies. A consent banner is not required for essential cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes through the app or via email. The "Last updated" date at the top of this policy indicates the most recent revision.

11. Contact

For privacy-related inquiries or to exercise your rights:

• Email: [email protected]
• Owner: Chanhyeok Kim
• Country: Republic of Korea