SecureBuild Privacy Policy

When you create or use a SecureBuild account, we may collect:

• •Identifiers: Name, email, company, username, password
• •Usage data: IP address, device/browser info, site activity, login logs
• •Support data: Messages, technical issue reports, feature requests
• •Cookie and analytics data

If you purchase SecureBuild Images or services, we may also collect:

• •Company name
• •Contact details for technical, support, and billing personnel
• •Company address
• •Billing data via third-party payment processors
• •Deployment metadata related to your use of SecureBuild

Payment data is handled through PCI/DSS-compliant providers. Replicated does not store full payment card details.

We use Personal Data to:

• •Create and manage user accounts
• •Authenticate users and secure access
• •Provide support and respond to inquiries
• •Improve SecureBuild and understand usage
• •Deliver purchased services and features
• •Comply with legal obligations and enforce our rights
• •Send service-related notices and occasional marketing communications

We may also generate aggregated or anonymized data for internal analytics or reports. This data does not identify individuals and may be shared freely.

We use cookies and similar technologies to:

• •Manage sessions and logins
• •Monitor site usage and performance
• •Improve marketing effectiveness
• •Deliver ads on platforms like Twitter or LinkedIn

You can manage cookie settings in your browser. See our Cookie Policy for details.

We implement technical, organizational, and physical safeguards to protect Personal Data. This includes access controls, encryption, secure hosting, and employee security training.

Replicated has completed a SOC 2 Type II audit. Reports are available to current customers under NDA.

No internet-based service is completely secure. If you believe your account has been compromised, contact [email protected] immediately.

Replicated processes Personal Data under the following lawful bases:

• •Consent (e.g., newsletter signups)
• •Contractual necessity (e.g., account management, paid services)
• •Legal obligation (e.g., export compliance, tax)
• •Legitimate interests (e.g., fraud prevention, service improvement)

We perform balancing tests where required to ensure our interests do not override your rights.

Your data may be processed in the United States and other countries. When transferring Personal Data internationally, we use appropriate safeguards including:

• •Standard Contractual Clauses (SCCs)
• •Transfer Impact Assessments (TIAs)
• •Data Processing Agreements (DPAs)

SecureBuild infrastructure is hosted on Amazon Web Services (U.S.).

We retain Personal Data only as long as needed:

• •Account data: while your account is active or until deleted
• •Billing and audit logs: up to 7 years (as required by law)
• •Support tickets and technical logs: typically 12–24 months
• •Anonymized data may be retained indefinitely

After retention periods, we delete or anonymize your data securely.

We may contact you with relevant announcements or marketing if:

• •You signed up and have not opted out
• •It relates to products or services you use
• •You've given explicit consent

You can unsubscribe using the link in any message or email us at [email protected].

We honor Global Privacy Control (GPC) signals as valid opt-out requests where legally required.

We may use limited automated decision-making to optimize ad targeting or detect abuse. These processes do not produce legal or similarly significant effects on users.

If you are in the EEA or UK, you may object to profiling or automated decisions by contacting [email protected].

Depending on your location, you may have the right to:

• •Access, correct, or delete your Personal Data
• •Object to or restrict certain processing
• •Withdraw consent
• •Lodge a complaint with a supervisory authority

To exercise these rights, email us at [email protected]. We may require identity verification.

California residents have additional rights under the CCPA/CPRA, including:

• •Right to know what data we collect and share
• •Right to request correction or deletion
• •Right to opt out of Personal Data sharing
• •Right to non-discrimination

We do not sell Personal Data for monetary value. We respond to verifiable consumer requests within 45 days (or up to 90 days with notice).

To make a request, email [email protected].

Residents of Colorado, Connecticut, Utah, Virginia, and Nevada may have additional rights to:

• •Opt out of targeted advertising or profiling
• •Request corrections or deletions
• •Appeal a denied privacy request

Email [email protected] to exercise these rights.

We may update this Privacy Policy from time to time. If material changes are made, we will provide advance notice via email or site notification at least 14 days before the new terms take effect.

Last updated: June 19, 2025