Privacy Policy

Last updated: March 18, 2026

1. Data We Collect

Account data: Email address, provided via Clerk authentication. We do not collect passwords — authentication is handled entirely by Clerk.

Usage data: URLs you analyze, analysis results (scores, tiers, tech stack), subscription tier, analysis history, and timestamps.

Payment data: Handled entirely by Lemon Squeezy (our merchant of record). Replisk never sees, processes, or stores credit card numbers, bank details, or billing addresses.

API keys: Stored as SHA-256 hashes. We cannot recover the original key — it is shown to you exactly once at creation.

Technical data: IP address (for rate limiting only, deleted after 24 hours), browser user-agent string (for compatibility).

2. Data We Do Not Collect

• We do not track users across other websites
• We do not use advertising or tracking cookies
• We do not use Google Analytics, Facebook Pixel, or any third-party analytics
• We do not sell, rent, or share user data with third parties for marketing
• We do not store content from analyzed websites — only the analysis result (scores, signals, and summaries)
• We do not collect location data, device identifiers, or fingerprinting data

3. How We Use Your Data

• Provide the service: Run analyses, store results, manage your subscription
• Process payments: Via Lemon Squeezy — we pass your Clerk user ID to link payments to your account
• Transactional emails: Analysis complete notifications, subscription renewal reminders, watchlist alerts (via Resend)
• Rate limiting: IP addresses used to enforce daily analysis quotas for anonymous users
• Service improvement: Aggregate, anonymized usage patterns to improve scoring accuracy

4. Data Storage and Security

User data is stored on a DigitalOcean server in New York, USA. The database is PostgreSQL with encrypted connections. Automated backups run daily and are retained for 7 days.

API keys are stored as SHA-256 hashes — even in the event of a data breach, original keys cannot be recovered. All API communication uses HTTPS/TLS.

5. Third-Party Services

Replisk uses the following third-party services that process user data:

• Clerk (authentication) — processes your email and session data. clerk.com/privacy
• Lemon Squeezy (payments) — processes payment and billing data as merchant of record. lemonsqueezy.com/privacy
• Anthropic (AI analysis) — URLs, observable page signals, and any context files you upload are sent to the Claude API for deep analysis. No user account data is shared. anthropic.com/privacy
• Resend (email) — transactional emails only. resend.com/privacy
• DigitalOcean (hosting) — infrastructure provider. digitalocean.com/privacy

6. Data Transfers & International Processing

Your data is processed by the following third-party services located in the United States:

• Clerk (authentication) — clerk.com/privacy
• Anthropic (AI analysis) — anthropic.com/privacy
• DigitalOcean (hosting) — digitalocean.com/privacy
• Lemon Squeezy (payments) — lemonsqueezy.com/privacy

These transfers are covered by Standard Contractual Clauses (SCCs) as established by each processor. By using Replisk, you consent to your data being processed in the United States in accordance with these agreements.

For Argentine users: data processing complies with Law 25,326 (Personal Data Protection Law). For EU users: transfers are covered by Article 46 GDPR Standard Contractual Clauses.

To request information about our data transfer mechanisms, contact privacy@replisk.com.

7. Your Rights

Under GDPR, CCPA, and similar data protection laws, you have the right to:

• Access your data: View your profile at replisk.com or GET /api/v1/me
• Delete your account: Email privacy@replisk.com — processed within 30 days
• Export your data: Email privacy@replisk.com
• Opt out of emails: Unsubscribe link in any transactional email
• Correct your data: Update via account settings or email us

See our GDPR page for additional rights under European data protection law.

8. Data Retention

• Account data: Retained while your account is active, plus 30 days after deletion request
• Analysis history: Retained while your account is active
• IP addresses: 24 hours maximum (rate limiting only)
• Backups: 7 days rolling retention
• Payment records: Retained by Lemon Squeezy per their retention policy

9. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:

• Right to know: You may request the categories and specific pieces of personal information we have collected about you in the past 12 months.
• Right to delete: You may request that we delete personal information we collected from you, subject to certain exceptions.
• Right to opt-out of sale: Replisk does not sell personal information to third parties. We do not share personal information for cross-context behavioral advertising.
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

Categories of personal information collected: Identifiers (email address, IP address), commercial information (purchase history), and internet activity (analysis history, pages visited). See Section 2 above for details.

To exercise any of these rights, email privacy@replisk.com. We will respond within 45 days.

10. Children

Replisk is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact privacy@replisk.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the “Last updated” date. For material changes, we will notify registered users via email.

12. Contact

For privacy-related inquiries: privacy@replisk.com
Data Controller: Miguel Fornero, CUIT 20-39644850-6, Buenos Aires, Argentina