Privacy Policy

Last updated: May 11, 2026

1. Introduction

Duplyfi ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our desktop application, website, and services.

This policy is designed to comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Information We Collect

Account Information

  • Email address (for account creation and communication)
  • Password (stored as a salted hash, never in plain text)
  • Display name (optional)

Device Information

  • Hardware identifier (HWID) for license binding and device management
  • IP address (logged temporarily for security purposes)

Telemetry Data (Opt-In)

If you choose to opt in via the desktop application Settings panel, we collect:

  • Crash reports and error logs
  • Feature usage statistics (which effects are used, etc.)
  • Performance metrics (processing times, thread usage)

Telemetry is fully optional and can be toggled off at any time in Settings. Telemetry data is anonymized and never includes your files or their contents.

3. How We Use Your Information

  • Authenticate your account and manage license activation
  • Process subscription payments via our merchant of record
  • Send transactional emails (account verification, password resets)
  • Improve the product based on aggregated telemetry (if opted in)
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

We do not sell your personal information. We do not use your data for advertising.

4. Payment Processing

All payments are processed by Lemon Squeezy, our merchant of record. We do not store, process, or have access to your credit card details, bank account information, or other payment credentials. Lemon Squeezy handles all payment data in accordance with PCI DSS standards.

For billing inquiries, you can access the Lemon Squeezy customer portal through your Duplyfi account settings.

5. Email Communications

Transactional emails (account verification, password resets, subscription confirmations) are sent via Resend. We do not send marketing emails unless you explicitly opt in. You can unsubscribe from optional emails at any time.

6. Data Storage and Security

Your account data is stored in a PostgreSQL database hosted on DigitalOcean infrastructure. We implement industry-standard security measures including:

  • Encrypted connections (TLS/SSL) for all data in transit
  • Salted password hashing (bcrypt)
  • JWT RS256 authentication tokens
  • Rate limiting on all API endpoints
  • Regular security audits

Your media files are processed entirely on your local device and are never uploaded to our servers.

7. Data Retention

  • Active accounts: Data is retained for the duration of your account.
  • Deleted accounts: Account data is permanently deleted within 30 days of account deletion.
  • Telemetry data: Anonymized telemetry is retained for up to 12 months, then automatically purged.
  • Server logs: IP addresses in server logs are retained for up to 90 days for security purposes.

8. Your Rights

Under GDPR and CCPA, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Delete your account and associated data
  • Export your data in a portable format
  • Opt out of telemetry data collection at any time via Settings
  • Object to processing of your data

To exercise any of these rights, contact us at privacy@duplyfi.com. We will respond within 30 days.

9. Cookies

Duplyfi uses minimal cookies. We use a single HTTP-only session cookie containing your JWT authentication token. We do not use tracking cookies, advertising cookies, or third-party analytics cookies on our website.

10. Third-Party Services

We share limited data with the following third parties:

Service        | Purpose                | Data Shared
Lemon Squeezy  | Payment processing     | Email, billing info
Resend         | Transactional email    | Email address
DigitalOcean   | Infrastructure hosting | Encrypted account data

11. Children's Privacy

Duplyfi is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will promptly delete it. If you believe a child has provided us with personal information, please contact us at privacy@duplyfi.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 14 days before the changes take effect. Continued use of the Service after changes constitutes acceptance.

13. Contact

For privacy-related questions or to exercise your data rights, contact us at privacy@duplyfi.com.

For general support, contact support@duplyfi.com.