Legal

Privacy Policy & Disclaimer

App Name: Make It EditableLast Updated:

1. Introduction

Welcome to Make It Editable ("we," "our," or "us"). This Privacy Policy and Disclaimer explain how we handle user data, your responsibilities, and the limitations of our liability. By using the app, you agree to this policy and disclaimer. If you do not agree, please discontinue use.

This policy covers both the Make It Editable Android app distributed on Google Play and the marketing website at makeiteditable.com.

2. About the App

Make It Editable lets you:

  • Enter or paste a website URL and open it in a full-screen WebView.
  • Open multiple tabs and navigate between them.
  • Toggle edit mode, which temporarily applies the contenteditable attribute to the page so you can modify text. All changes are temporary and disappear when the page is refreshed or closed.
  • Apply text formatting (bold, italic, underline, and similar) to the page you are viewing.
  • Replace images on the page with photos from your device's photo library or camera.
  • Take a screenshot of the WebView and share it via your device's native share sheet.
  • Use built-in developer tools: a network panel, a console logs panel, an element inspector, and a JavaScript injection tool.

Intended use: entertainment, testing, and demonstrations (for example, previewing content changes before implementing them).

3. Permissions

The app requests the following permissions. We do not use them to collect data about you; they are granted to the underlying OS features the app relies on.

  • Photo library — so you can pick an image from your device to replace an image on the page.
  • Camera — so you can capture a new photo to use as a replacement image.
  • Microphone / audio recording — so websites loaded inside the WebView can request microphone access (for example, voice-enabled pages). We do not record audio ourselves.
  • Storage (legacy Android 12 and earlier) — to save screenshots through the system share sheet.
  • System overlay (Android) — used by the floating toolbar UI.
  • Internet and network state — required for the WebView to load websites.
  • Vibration — for haptic feedback on toolbar interactions.

4. Information We Collect

We do not require registration, login, or any personally identifying information to use the app.

We use PostHog (EU host: eu.i.posthog.com) to collect anonymous product analytics. PostHog assigns a random device ID; we do not link this to your name, email, or other identifiers.

We record screen views and the following events:

  • website_preview_started — includes the URL you entered (origin and path only)
  • settings_opened
  • new_tab_created — includes the new tab URL (origin and path only)
  • tab_closed — includes the number of remaining tabs
  • tab_switched — includes the total number of open tabs
  • screenshot_shared — includes the current tab URL (origin and path only)
  • edit_mode_toggled — includes whether edit mode was enabled or disabled
  • formatting_applied — includes the formatting command used
  • image_replaced — includes the MIME type of the image
  • network_panel_opened
  • logs_panel_opened
  • element_inspector_opened
  • javascript_injected — includes the length (not the contents) of the injected code
  • ai_js_generated — includes the AI provider ID, model ID, and generated code length
  • ai_js_generation_failed — includes the AI provider ID and error message
  • storage_item_set, storage_item_deleted, storage_cleared — includes which storage type was affected (localStorage, sessionStorage, or cookies); never includes keys or values
  • paywall_shown, paywall_dismissed — includes the trigger and outcome
  • purchase_started, purchase_completed, purchase_cancelled, purchase_failed — includes the product ID
  • restore_completed, restore_failed
  • whats_new_completed, whats_new_skipped — includes the app version and, for skips, the step number
  • webview_error_occurred — includes the URL (origin and path only), error code, and error description
  • app_crash — includes the error name and message

PostHog also auto-captures screen views (screenevents) containing the in-app pathname and the previous screen. URLs passed as route parameters are scrubbed to origin and pathname only — query strings and fragments (which may contain tokens or other sensitive values) are never sent.

We do not collect the contents of the pages you view, the edits you make, the screenshots you take, the JavaScript you inject, or the network requests and console logs displayed in the developer tools.

Third-party sites in the WebView. Websites you load inside the WebView may set their own cookies, run their own analytics, and request their own permissions. Those activities are governed by the privacy policies of those sites, not by this one.

5. Third-Party Services

PostHog acts as a data processor for the anonymous analytics described in Section 4. Events are sent to PostHog's EU region. See posthog.com/privacy for details.

RevenueCat manages in-app subscriptions and purchase verification. When you purchase or restore a subscription, RevenueCat processes your app user ID and purchase receipt. No payment card data passes through RevenueCat — payment is handled entirely by Google Play. See revenuecat.com/privacy.

AI providers (OpenAI, Anthropic, Google). The AI JavaScript assistant is an optional feature that requires you to supply your own API key in Settings. When you use it, your prompt is sent directly from your device to your chosen provider. We do not proxy, store, or log these requests. The API key itself is stored only in your device's secure keystore and never transmitted to us. Refer to your provider's own privacy policy for how they handle API requests.

Google Play distributes the app and processes subscription payments. When you install, update, or purchase a subscription, Google Play processes data in accordance with its own policy: Google Privacy Policy.

Expo / EAS Update. The app checks for over-the-air updates via Expo's EAS Update service (u.expo.dev). This request includes device and build metadata needed to serve the correct update bundle. See expo.dev/privacy.

No advertising networks or ad SDKs are integrated.

6. Security & Local Storage

Your edits and screenshots remain on your device unless you choose to share them through the system share sheet. We do not upload them and do not have access to them.

The app stores the following data locally on your device:

  • @whats_new_version — which version of the "What's New" screen you last saw.
  • @toolbar_intro_shown — whether the toolbar intro screen has been shown.
  • AI provider API keys — if you set up the AI assistant, your API key is stored in your device's secure keystore (iOS Keychain / Android Keystore). It is never transmitted to us and is only used to make requests directly to your chosen AI provider.

None of this data contains personal information and none of it is shared with us.

7. Your Rights (GDPR)

Data controller: the developer of Make It Editable, reachable at tomislav@horseandradish.hr.

Legal basis. We rely on our legitimate interest (GDPR Art. 6(1)(f)) in understanding product usage and diagnosing errors to process the anonymous analytics described in Section 4. Distribution through Google Play is processed on the basis of contract performance.

Retention. Anonymous analytics events are retained for up to 12 months and then deleted or aggregated by PostHog in line with our project configuration. Local device storage is retained until you clear the app's data or uninstall the app.

Your rights. Subject to applicable law, you have the right to access, rectify, erase, restrict, object to, and port the personal data we process about you. Because analytics are tied only to a random device ID, requests to exercise these rights may require you to provide that device ID (available on request) so we can locate the relevant events.

How to exercise your rights. Email us at tomislav@horseandradish.hr. We respond within 30 days.

Right to complain. You may lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) at azop.hr, or with the supervisory authority in your country of residence.

8. Children's Privacy

Make It Editable is not directed at children under the age of 13 and we do not knowingly collect personal data from children. If you believe a child has used the app and would like their associated anonymous analytics data deleted, contact us at tomislav@horseandradish.hr.

9. User Responsibilities

  • Use the app only for lawful, ethical, and personal purposes.
  • Do not use the app to spread misinformation, commit fraud, or violate the rights of others.
  • You are solely responsible for the websites you choose to edit, the modifications you make, the code you inject, and any screenshots you create or share.
  • Misuse may result in access being blocked at the developer's discretion.

10. Disclaimer

The app is provided "as is" and "as available." We make no warranties regarding accuracy, reliability, or fitness for a particular purpose. We are not liable for any damages, legal issues, or disputes arising from your use of the app, including misrepresentation of edited content.

11. Governing Law

This Privacy Policy and Disclaimer are governed by the laws of the Republic of Croatia. Any disputes will be resolved in the courts of the Republic of Croatia.

12. Changes to This Policy

We may update this page from time to time. Material changes will be reflected by an updated Last Updated date above. Where required by law, we will seek your consent.

13. Contact Us

Questions about this policy? Email us at tomislav@horseandradish.hr.