replicata

Privacy Policy

Last updated: April 16, 2026

Replicata is designed as a local-first developer tool. Most of what you do with the Software stays on your own machine. This policy explains what little data we do collect and how we handle it.

1. What stays local

The following never leaves your machine and is never transmitted to us or any third party:

  • Streaming bytes observed from third-party applications.
  • Element tags, discovery candidates, endpoint catalog entries.
  • Session cookies, logins, or auth tokens for any sites you observe.
  • Replicata's runtime state, scenario configurations, and feedback submissions (stored in your home directory).

2. What we collect

The following limited data is collected in connection with your subscription:

  • Email address and billing data — collected by Polar.sh during checkout and subscription management. We receive access only to what Polar exposes to merchants (email, subscription status, country for tax purposes). We do not see or store full payment card details.
  • License key metadata — when the Software validates your license with Polar's API, Polar records validation and activation events (timestamps, activation labels). These are visible to us and to you via the Polar customer portal.
  • Machine fingerprint — a one-way hash of your hostname, username, and first network-interface MAC address, derived on your machine and sent to Polar only to bind a license to a machine (up to three activations per license). The hash cannot be reversed; we do not receive your hostname or MAC directly.
  • Support correspondence — if you email us, we keep the email to respond to you.

3. What we do NOT collect

  • The Software does not ship any usage-analytics or telemetry SDK. It does not record what you click, which features you use, how long you use it, or what apps you observe.
  • The Software does not transmit error reports, stack traces, or crash logs to us.
  • We do not build advertising profiles, sell data, or share user information with marketing partners.
  • If we ever add opt-in telemetry, error reporting, or analytics SDKs, this policy will be updated before the feature ships.

4. License-validation phone-home

On startup and every six hours, the Software contacts Polar's license-validation API to confirm your subscription is still active. Each request includes only:

  • Your license key
  • Polar organization ID
  • The activation ID assigned to this machine (if already activated)

This is license enforcement, not analytics. No usage data is transmitted. Polar logs the request as it would any API call (timestamp, IP address, response) on their side — see their privacy policy for retention.

If your machine is offline for more than 7 days without a successful re-validation, the Software locks and prompts you to reconnect. No data is sent during offline grace.

5. Website logs

The website replicata.dev is hosted on Cloudflare Pages. Cloudflare records standard web-server logs (IP address, user-agent, requested path, response code, timestamps) for operational and security purposes. These logs are not used to build user profiles or for analytics beyond aggregate operational metrics. We do not set analytics cookies and do not currently embed any analytics script on the site.

4. Third-party services

  • Polar.sh — payments, subscriptions, license keys, customer portal. See Polar's privacy policy.
  • Cloudflare — hosts this website and handles email forwarding for @replicata.dev addresses.
  • Resend or equivalent — transactional email provider for receipts, trial notifications, and license delivery. Identified in receipts.

5. Your rights

You may request a copy or deletion of any personal data we hold about you. For billing and subscription data, use the Polar customer portal (link sent in your purchase confirmation). For anything else, email hello@replicata.dev.

If you are in the EU, UK, or California: you have specific rights under GDPR / UK GDPR / CCPA including access, rectification, deletion, and portability. We honor these requests — email us and we'll coordinate with Polar as needed.

6. Data retention

We retain billing and license data for as long as needed to administer your subscription plus any period required by law (tax, accounting). Support emails are kept indefinitely unless you ask us to delete them.

7. Children

Replicata is a developer tool not directed at children under 13 (or 16 in applicable jurisdictions). We do not knowingly collect data from children.

8. Changes

We may update this policy. Material changes will be noted here with a revised "Last updated" date. If changes are significant we will email active subscribers.

9. Contact

Privacy questions or data requests: hello@replicata.dev.