Privacy Policy · CLONYFY

Last updated: May 5, 2026 · GDPR-aligned

    We believe in minimal data collection. CLONYFY is a self-hosted tool — your cloned content never leaves your server.
  

1. What We Collect

Data	Why	Stored where
Name & email	Account creation, communication	Local server (data/users.json)
Password hash	Authentication (bcrypt, never plaintext)	Local server
Plan & billing info	Subscription management	Local server (data/payments.json)
Clone history	Usage tracking, plan limits	Local server (data/clones.json)
IP address	Rate limiting only (not stored persistently)	Memory, cleared every 5 min

2. What We Don't Collect

Analytics or tracking cookies
Browser fingerprinting
Cloned website content (stored only on your device)
Third-party advertising data

3. How We Use Your Data

Your data is used exclusively to:

Authenticate and manage your account
Enforce plan limits (clone counts, page caps)
Send transactional emails (verification, password reset, billing)
Process manual payment confirmations

We do not sell, share, or rent your personal data to any third party.

4. Email Communications

We send emails only for:

Email address verification
Password reset requests
Subscription expiry and renewal reminders
Payment status updates (confirmed/rejected)

We do not send marketing emails unless you explicitly opt in.

5. Data Retention

Your data is retained as long as your account is active. You may request deletion by contacting us — we will delete your account and all associated data within 7 days. Clone history and error logs are automatically capped (5,000 and 2,000 records respectively) and older entries are purged automatically.

6. Security

Passwords are hashed using bcrypt (cost factor 12) — we cannot recover your password. All session tokens are random UUIDs. Rate limiting protects against brute-force attacks. The server should be run behind HTTPS in production.

7. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

Access — request a copy of your personal data
Correction — update your name or email in Dashboard
Deletion — request full account deletion
Portability — receive your data in JSON format
Object — object to processing of your data

To exercise these rights, contact us via the email on your account.

8. Cookies

CLONYFY does not use cookies. Authentication uses a token stored in localStorage on your device, which you can clear at any time.

9. Changes to This Policy

We may update this Privacy Policy occasionally. Material changes will be communicated via email. Continued use of the Service constitutes acceptance.

10. Contact

For privacy-related requests, contact us at the email registered on your account. We respond within 48 hours.