Privacy Policy

Last Updated: January 1, 2025 • Effective Date: January 1, 2025

1. Introduction & Scope

This Privacy Policy explains how iMessage Enterprise Exporter ("we," "us," "our," or "the Software") handles data when you use our forensic message export application. This policy applies to:

• The iMessage Enterprise Exporter desktop application for macOS
• Our website at imessageexporter.com
• All related services, updates, and support communications

We are committed to transparency about our data practices and protecting the privacy of legal professionals, investigators, and compliance officers who trust us with sensitive evidence collection.

2. Data We Process Locally

The Software processes the following data entirely on your Mac:

2.1 iMessage Database Access

• What: Read-only access to your macOS Messages database (~/Library/Messages/chat.db)
• How: The Software opens the database in immutable, read-only mode using SQLite's SQLITE_OPEN_READONLY flag
• Why: To extract message content, metadata, timestamps, and participant information for export
• Location: All processing occurs locally on your Mac. No data is transmitted to our servers
• Integrity: The source database is never modified, ensuring forensic soundness

2.2 Export Output

• What: JSON, CSV, and/or PDF files containing exported message data plus media attachments
• Where: Saved to a directory you explicitly choose during each export operation
• Control: You have complete control over export location, retention, encryption, and deletion
• Content: Includes message text, timestamps, participants, metadata, and copies of media files (photos, videos, documents)

2.3 Verification & Audit Data

• SHA256 Manifests: Cryptographic checksums for each exported file, saved alongside your export
• Audit Logs: Timestamped logs documenting export operations, including operator, source paths, filters applied, and completion status
• Export Metadata: JSON file documenting export parameters (date ranges, participants, formats selected)

3. Data We Never Collect or Transmit

The following data is never uploaded, transmitted, or accessible to us:

• Message content from your iMessage conversations
• Media attachments (photos, videos, voice messages, documents)
• Contact information, phone numbers, or email addresses from your Messages
• Participant identities or conversation metadata
• Exported files or any portion of their contents
• Audit logs or export history
• Your macOS account credentials or system passwords
• Device backups, keychain data, or other system information

4. Limited Network Activity

The Software makes minimal network connections for these specific purposes only:

4.1 License Activation (One-Time)

• What: License key, purchase email, macOS version, hardware identifier (anonymized)
• When: Once during initial activation
• Why: To validate your purchase and prevent unauthorized use
• Does NOT include: Any message content, contacts, or export data

4.2 Update Checks (Optional)

• What: Current version number, macOS version, license tier
• When: Periodically (default: weekly) or manually via Preferences
• Why: To notify you of bug fixes, security patches, and macOS compatibility updates
• Control: Can be completely disabled in Preferences → Updates → "Check for updates automatically"
• Does NOT include: Any message content, usage patterns, or export data

4.3 Crash Reports (Opt-In Only)

• What: Stack traces, error codes, macOS version, Software version
• When: Only if you explicitly opt-in after a crash occurs
• Why: To diagnose and fix software bugs that affect stability
• Does NOT include: Message content, file paths containing personal information, or identifiable data
• Control: You are prompted before any crash report is sent and can decline

4.4 Anonymous Usage Statistics (Opt-In Only)

• What: Export counts (not content), export formats used, feature usage, performance metrics
• When: Only if you explicitly enable in Preferences → Privacy → "Share anonymous usage statistics"
• Why: To understand which features are most valuable and where to focus development
• Does NOT include: Message content, identifiable information, or specifics about your cases
• Default: Disabled by default. Requires explicit opt-in

5. Website Analytics

Our website (imessageexporter.com) uses minimal analytics:

• Service: Privacy-focused analytics (no third-party tracking cookies)
• Data Collected: Page views, referring sites, general location (country/region only), browser type
• Does NOT track: Individual visitors, cross-site behavior, or personally identifiable information
• Cookies: Only essential cookies for website functionality (no advertising or tracking cookies)

6. Data Security Practices

We employ multiple layers of security to protect your data:

6.1 Application Security

• Read-Only Access: Messages database opened with SQLITE_OPEN_READONLY flag, preventing any modifications
• No In-Memory Retention: Message content is streamed through the export pipeline and not retained in memory after processing
• Sandboxing: Optional sandboxed export directory mode restricts file system access
• Code Signing: Application is cryptographically signed and notarized by Apple
• Input Validation: All user inputs are validated and sanitized to prevent injection attacks

6.2 Network Security

• TLS Encryption: All network communications (license activation, update checks) use TLS 1.3
• Certificate Pinning: Update servers use certificate pinning to prevent man-in-the-middle attacks
• Minimal Endpoints: Only license.imessageexporter.com and updates.imessageexporter.com are contacted

6.3 Recommendations for Users

• Encryption: Store exports on encrypted volumes (FileVault, external encrypted drives)
• Access Control: Use macOS user permissions to restrict who can access export directories
• Secure Deletion: Use secure deletion tools when removing exports containing sensitive data
• Backup Security: If backing up exports, ensure backups are encrypted and access-controlled

7. Data Retention

• Local Exports: You control retention. Exports remain on your Mac until you delete them
• Audit Logs: Stored locally with your exports until you delete them
• License Data: We retain license activation records for the lifetime of your license to prevent fraud
• Support Emails: Retained for 3 years for support history and legal compliance
• Crash Reports: Retained for 90 days, then automatically deleted

8. Your Privacy Rights

You have the following rights regarding your data:

• Access: Request a copy of data we hold about you (license records, support emails)
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your account and associated data (subject to legal obligations)
• Portability: Request your data in machine-readable format
• Opt-Out: Disable update checks and analytics at any time in Preferences
• Object: Object to data processing for specific purposes

To exercise these rights, contact us at privacy@imessageexporter.com. We will respond within 30 days.

9. Third-Party Service Providers

We use the following third-party services with strict data minimization:

• Payment Processing: Stripe (for credit card processing). We never see or store your full credit card numbers
• Email Services: For transactional emails (license delivery, support responses). No marketing emails without explicit consent
• Cloud Hosting: For website and license validation servers. All connections are encrypted

All service providers are contractually obligated to protect your data and prohibited from using it for other purposes.

10. Legal Compliance & Disclosure

We may disclose data only in these limited circumstances:

• Legal Obligations: When required by law, court order, or subpoena
• Fraud Prevention: To prevent fraudulent license usage or unauthorized access
• Safety: To protect the safety of individuals or prevent illegal activity

If legally required to disclose information, we will:

• Notify you in advance if legally permitted
• Disclose only the minimum information required
• Challenge overly broad or improper requests

11. International Users

Our servers are located in the United States. If you use our Software from outside the US:

• Your limited license activation data may be transferred to and processed in the US
• Your message data never leaves your Mac
• We comply with applicable international data protection laws
• For EU users: We provide appropriate safeguards for data transfers under GDPR

12. Children's Privacy

Our Software is designed for professional use by legal practitioners, investigators, and compliance officers. We do not knowingly collect information from individuals under 18. If you believe a minor has provided us information, contact us immediately at privacy@imessageexporter.com.

13. Changes to This Policy

We may update this Privacy Policy to reflect:

• Changes in our data practices
• New features or services
• Legal or regulatory requirements

When we make material changes:

• We will update the "Last Updated" date at the top of this policy
• We will notify users via email for significant changes
• For material changes, we may require acceptance before continued use

14. Contact Information

For privacy-related questions, concerns, or requests:

• Email: privacy@imessageexporter.com
• General Support: support@imessageexporter.com
• Response Time: Within 30 days (typically much faster)