Transparency
What leaves your machine
A plain-language summary of everything that leaves your machine when you run ArcBrush. The full binding terms are in the Privacy Policy and Terms of Service.
The short answer
ArcBrush is an offline-first desktop application. Your images, project files, and graph data stay on your machine. A purchased Pro license involves no license check that can block you or that runs on an offline machine: it is a file verified on your machine (aside from the opportunistic revocation check below). The only data that travels over the network is described below, and none of it includes your image content (except when you explicitly use the two Cloud nodes).
| What | What's sent | When | Off switch |
|---|---|---|---|
| Pro license verification | Nothing | Never - verified on your machine | Not needed |
| Revocation status check | The license's random ID only | During the normal update check, online only | Never required, never blocks |
| Trial / Studio refresh | Session token + hashed machine fingerprint | Once at startup, when online | Only if you use the trial or Studio |
| Usage telemetry | Install ID, app version, OS, session and graph stats, network diagnostics | About every 30 minutes while the app runs, plus at exit | Settings |
| Cloud nodes | The input image | Only when you run one | Simply don't use them |
| Send Feedback | Your message, system info, graph structure | Only when you click Submit | User-initiated |
| Update check | App version and OS | At startup | Settings |
1. License verification
For a purchased Pro license: nothing. Your license is a signed file, emailed to you at purchase. ArcBrush verifies it on your machine using public keys built into the app - no license check ever leaves your machine, and no server needs to be reachable, not at install, not ever, for your license to work. A permanently offline machine is fine. The file is kept in the app's data folder and re-verified locally at every startup.
The one exception, stated plainly: when the app is already online for its normal update check, it may opportunistically ask our server whether an installed license has been revoked (this happens after a refund, chargeback, or a leaked license). That request carries only the license's random ID - no machine information and no personal information. It is never required, never blocks you from working, and never happens on a machine that is offline.
For the Trial (and Studio seats): the trial is account-based and timed by the server, so it works differently. Starting or refreshing it sends your session token plus a pseudonymous machine fingerprint (a one-way SHA-256 hash of an operating-system device identifier; the raw identifier never leaves your machine) used to count devices. This happens once at application startup, when an internet connection is available. The server returns a signed entitlement valid for 30 days from the most recent refresh, with a 7-day grace period; you can work fully offline for the entire window, and the app re-extends it the next time it can reach the server.
Machine fingerprint: sent only for Trial and Studio device counting (the 3-machine limit) - never for a purchased Pro license. It is associated with your account solely for that device count; it cannot be reversed to identify your hardware and is not used to track activity outside license verification. It is never sent once your account is known to hold a Pro license.
No images, no project data, no file paths are included in any of these requests.
2. Pseudonymous usage telemetry
What leaves your machine: a usage heartbeat sent approximately every 30 minutes while the app is running, plus a final heartbeat when the app closes. It contains:
- A pseudonymous install ID: a one-way SHA-256 hash of an operating-system device identifier (the raw identifier never leaves your machine, and the hash cannot be reversed to recover it; a random UUID is used where the OS provides no such identifier, and installs upgraded from older versions may also send their previous random ID once so the records can be merged).
- App version and operating system ("windows", "macos", or "linux").
- Session duration (minutes open), node count in the current graph, and how many Cloud-node operations ran this session.
- Whether you are signed in (true/false only, never your email), and whether the build is a development build.
- Network diagnostics: the number of failed network requests since the last heartbeat, the proxy mode selected in Settings ("direct", "auto", or "manual" - never the proxy address, username, or password), and whether a custom certificate authority is configured (yes/no only).
The app also sends short named telemetry events about the auto-update process (for example, that an update was offered, downloaded, or applied), with a brief qualifier such as the target version. These follow the same telemetry opt-out.
What does NOT leave your machine in telemetry: no images, no file names, no file paths, no graph content, no node parameter values, no personal information of any kind.
How to opt out: go to Settings and disable telemetry. When disabled, no usage data is sent. Turning off telemetry does not affect license verification (the two are independent).
3. Cloud nodes (Remove Background and Upscale only)
What leaves your machine: the input image, sent over an encrypted HTTPS connection to a third-party image-processing service so the operation can be performed.
When it happens: only when you explicitly place and run one of the two Cloud nodes in your graph. No other node sends image data anywhere.
What is returned: the processed result image, which is stored in your project like any other node output.
Retention: the image is used only to perform the requested operation. It is not retained after the result is delivered. ArcBrush does not store or access these images.
No generative AI: the two Cloud nodes (Remove Background and Upscale) are utility operations, not generative AI. ArcBrush does not include text-to-image or image-editing generation.
If you never use the Cloud nodes, your images never leave your machine.
4. Send Feedback (user-initiated)
What leaves your machine: the text you write, plus system info (OS, app version, GPU model, display resolution) and graph context (node types and connection structure - no image data or file paths).
When it happens: only when you click Submit in the Help > Send Feedback dialog. It is never sent automatically.
5. Automatic update check
What leaves your machine: a request to check for a newer version. The request carries your current app version and operating system. If you have a Pro license file installed, this same request opportunistically carries the random ID from that license file (see section 1) so we can tell you if it has been revoked; nothing else about your license, machine, or account is included.
When it happens: at startup. It can be disabled in Settings (disabling it also disables the opportunistic revocation check, which is never required for the license to keep working).
6. What never leaves your machine (in any scenario)
- Your image data (except when you run the Cloud nodes).
- Project file contents (.arcb files), graph structure, node parameter values.
- File names and file paths.
- Your email address (it is stored on our servers and inside your own license file, but is never transmitted in telemetry, the update check, or the revocation check).
- A machine fingerprint for a Pro license (Pro is never machine-bound; only Trial and Studio send one, and never once your account is known to hold a Pro license).
- Any personally identifiable information in telemetry.
- Your password (day-to-day authentication uses tokens; if you sign in with a password, we store only a salted cryptographic hash of it - never the password itself).