ASAR Master – Privacy Policy

Account Information

When you create an account with ASAR Master, we collect the following information:

• Email Address: Used for account verification, security notifications, and essential service communications
• Username: Your chosen display name for account identification
• Password: Securely hashed using Argon2d algorithm (we never store plaintext passwords)
• Two-Factor Authentication Data: TOTP secrets (when enabled) for enhanced account security

Session and Usage Information

• IP Address: Used for security monitoring and session management
• User Agent and Platform Information: Browser/device information for compatibility and security purposes
• Session Data: Login times, last activity, and session duration for security monitoring

Application Usage Data

• Electron Application Detection: The application scans your computer to identify installed Electron applications for ASAR archive management purposes
• Hardware Identifier (HWID): Collected and transmitted to our servers for software licensing verification and anti-piracy protection
• IP Address: Transmitted for licensing verification and to prevent unauthorized use of the software
• Usage Analytics: Anonymous usage data may be collected to improve the application experience

Note: While ASAR file contents themselves are processed locally and not transmitted to our servers, the application does communicate with our licensing servers for verification purposes.

We use the collected information for the following purposes:

• Software Licensing: Verifying legitimate software licenses using IP addresses and hardware identifiers (HWID) to prevent piracy and unauthorized use
• Electron App Discovery: Scanning your system to identify installed Electron applications for easier ASAR archive management and user convenience
• Account Management: Creating and maintaining user accounts, authentication, and authorization
• Security: Protecting against unauthorized access, fraud detection, and maintaining account security
• Communication: Sending email verifications, security alerts, and important service updates
• Service Improvement: Analyzing usage patterns to enhance user experience and application performance
• Rate Limiting: Implementing cooldowns to prevent abuse and ensure fair usage

We implement industry-standard security measures to protect your personal information:

• Password Security: All passwords are hashed using Argon2d with high memory and time costs (19456 memory cost, 2 time cost)
• Session Security: JWT tokens with secure signatures, automatic expiration, and session renewal
• Two-Factor Authentication: Optional TOTP-based 2FA for enhanced account protection
• Secure Communication: HTTPS encryption for all web-based interactions and API communications
• Rate Limiting: Automatic protection against brute force attacks and spam

Electron Application Scanning: ASAR Master automatically scans your computer to detect installed Electron applications. This scanning helps identify applications that contain ASAR archives and provides you with a convenient list of applications you can modify.

Scope of Scanning: The application scans common installation directories and program folders to locate Electron applications. It does not access personal files, documents, or other non-application data during this process.

File System Access: Beyond the automatic scanning, the application only accesses ASAR files that you explicitly select or open. We do not monitor or access other parts of your file system without your direct interaction.

Data Transmission: Information about detected Electron applications may be used locally for the application's functionality but is not transmitted to our servers unless required for licensing verification.

License Verification: ASAR Master includes licensing verification systems to ensure legitimate use of the software. This process involves collecting and transmitting certain information to our licensing servers.

Information Collected for Licensing:

• Hardware Identifier (HWID): A unique identifier based on your computer's hardware configuration, used to prevent unauthorized software sharing
• IP Address: Your internet connection's IP address, used for anti-fraud measures
• License Status: Information about your software license validity, expiration date, and usage permissions

Frequency: License verification occurs during application startup and periodically during use to ensure continued legitimate access to the software.

Purpose: This information is used solely for license verification, preventing software piracy, and ensuring compliance with our terms of service.

ASAR Archive Privacy: While the application scans for Electron applications and communicates with licensing servers, the actual ASAR file contents and your modifications are processed entirely on your local machine. We do not upload, store, or transmit ASAR file contents or modified archives to our servers.

Temporary Files: Any temporary files created during ASAR processing are stored locally and automatically cleaned up when the application closes.

Modification Privacy: Your specific modifications, file extractions, and archive manipulations remain private and are not transmitted to our servers.

We do not sell, trade, or otherwise transfer your personal information to third parties, except in the following limited circumstances:

• Licensing Services: We transmit hardware identifiers (HWID) and IP addresses to our licensing verification servers to ensure legitimate software use
• Service Providers: We may use trusted third-party services for email delivery (email verification) and CAPTCHA verification (hCaptcha)
• Legal Requirements: We may disclose information when required by law or to protect our rights, property, or safety
• Business Transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred

Licensing Data: Hardware identifiers (HWID) and IP addresses used for licensing verification are retained as long as your software license is active. This data may be retained for up to 1 year after license expiration for anti-piracy enforcement.

System Scan Data: Information about detected Electron applications is stored locally on your device and is not transmitted to or retained on our servers.

Account Data: We retain your account information as long as your account remains active. You may delete your account at any time, which will result in the permanent removal of your personal data from our systems.

Session Data: Sessions automatically expire after 30 days of inactivity. Expired sessions and their associated data are automatically deleted.

Email Verification Tokens: Verification tokens expire after 24 hours and are automatically deleted from our system.

Cooldown Data: Rate limiting and cooldown information is retained only as long as necessary for security and abuse prevention purposes.

You have the following rights regarding your personal data:

• Access: You can view and manage your account information through the application's settings
• Modification: You can update your email, username, and password (subject to cooldown periods for security)
• Deletion: You can delete your account and all associated data at any time
• Session Management: You can view and terminate active sessions from other devices
• Email Preferences: You can manage your email verification status and resend verification emails