Secure by default.
Local-first by design.
Empath is built for teams that take security seriously and keeps everything local except essentials for enterprise use.
Firebase for secure sign-in, FastSpring for verified licensing, and Mixpanel for analytics. No files ever leave your Mac.
Trusted Third-Party Services
Data & Security FAQs
Can we get a security assessment or vendor questionnaire completed?
Yes, we’re happy to help! Drop us a note at support@get-empath.com.
Does any corporate data leave my machine?
No. All emulated devices, screenshots, app files, and testing data remain completely local on your Mac.
What analytics data is collected?
Only non-sensitive usage metrics: app lifecycle events (launch/quit times), device operation events (starting virtual devices), and UI interactions (button clicks). No screenshots, app content, or business data is ever collected.
Is this software compatible with corporate security policies?
Empath uses enterprise-standard security practices: all communications over HTTPS/TLS 1.2+, authentication via Google Firebase (enterprise-trusted), and no corporate data transmission. Many enterprise customers use Empath safely within their security frameworks.
Does Empath share or store any of my app data?
No. All Android virtual devices and iOS simulators are run locally on your machine. Your data stays local and Empath does not store sensitive data.
How is user authentication handled?
All authentication (sign-in, sign-out, password reset) is managed by Firebase Authentication. Credentials never pass through our servers.
What identity data is stored in Firebase?
Firebase stores unique user IDs (UIDs), emails, and profile data like your name and subscription status. Passwords are hashed by Firebase and never accessible to us.
How is data encrypted?
All communication is over HTTPS/TLS 1.2+. Firebase and FastSpring encrypt data at rest.
Does Empath ever handle or store payment card data?
No. All payment details are entered directly in FastSpring’s PCI-DSS compliant modal. Our app never sees cardholder data.
Is the system compliant with PCI DSS?
Yes. Payment card data never touches our servers; FastSpring handles full PCI compliance.
What about GDPR/CCPA compliance?
You can request account deletion via Firebase (removes identity data) and FastSpring (removes billing records).
What if we need to remove Empath completely?
Uninstalling Empath removes the application but leaves the standard Apple/Google tools (which are commonly used by developers). Your corporate data remains untouched as it was never accessed by Empath.