Privacy

Introduction

This Privacy Policy explains how replicated collects, uses and shares Personal Data in compliance with:

General Data Protection Regulation (GDPR (EU & UK)

California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

Other applicable U.S. and international data privacy laws.

Replicated is committed to data security and transparency as a provider of enterprise SaaS Solutions. 

Your privacy is important to us. "Personal Data" as used in this Privacy Policy will have the meaning given to it under relevant data protection laws. The term "Personal Data" includes "personal information," "personally identifiable information," and equivalent terms as such terms may be defined by the relevant data protection laws  This privacy policy (“Privacy Policy”) describes our sources of collection of Personal Data, why we collect the information, what Personal Data we collect, how we collect it, and how we use and share it, as well as your options to opt out of collection or to control your Personal Data. We also share how we protect your Personal Data.

Replicated as a Controller vs. Processor

Replicated acts as either a Data Controller or Data processor depending on the context of data processing.  As a Controller Replicated determines the purpose and means of processing Personal Data for: 

Account Setup, authentication, and security

Billing ad servie related communications

Marketing, analytics and legal compliance

As a Process, Replicated processes Personal Data only on behalf of its enterprise customers under the Master Terms and Conditions and/or a Data Processing Agreement. When acting as a processor, Replicated does not control the data but secures and processes under the terms of the Agreement with the Customer.

Sources of Collection

Replicated collects Personal Data across a number of channels, including our websites, newsletters, events, webinars, your purchases (account setup process and usage and support of the Replicated products and services, including the Replicated platform itself). Information may be collected from you directly, from third party partners or customers of Replicated products and services, as well as cookies, analytics, and logs. Replicated may derive aggregated or anonymous data (i.e., data that is not associated with/linked to an identifiable individual or organization) from data collected through these means, including Replicated products and services.

How we protect your Personal Data

We take commercially reasonable measures, including physical, administrative and technical safeguards, to protect your Personal Data from unauthorized access, use, alteration, destruction and disclosure. Despite our taking reasonable security precautions and processes, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect all data we collect and process, we cannot guarantee the security of any data you transmit to or from our sites, and you do so at your own risk. If you have reason to believe that your Personal Data may no longer be secure (for example, if you feel that the security of an account has been compromised), please notify us immediately at privacy@replicated.com. Replicated products and services maintain certifications including AICPA Service Organization Control (SOC 2 Type 2). These reports are made available to our customers and partners under a suitable non-disclosure agreement. If we believe your personal data has been compromised, we shall notify you by email, or if no email or other contact information is available, then by making announcement on our website.

Fair and Lawful Basis

Replicated will only process Personal Data when we have a fair and lawful basis for the activity, including:

  • where you have given your consent, which you may revoke at any time with effect for the future, to process your Personal Data for a specific purpose, such as subscribing to receive marketing email or other communications from us about Replicated products and services;
  • as necessary to fulfill or perform a contract we enter into with you, such as when Replicated products and services are accessed and/or used, and providing technical support of Replicated products and services;
  • when we have a legal obligation, or the processing is in the public interest or in furtherance of a vital interest;
  • the processing is necessary to further our legitimate interests, which may include the performance of a contract with the organization you work for, improvement of our products or services, securing our systems and to protect against fraud, or to act on your request, such as when you request a whitepaper, register to attend a webinar, or make inquiries about Replicated products and services.

Why We Collect and How We Use Your Personal Data

Replicated collects and uses your Personal Data for the following purposes:

Deliver products and services, improve products and provide customer support

  • Facilitate the evaluation, purchase and delivery of Replicated products and services
  • Design, develop, and understand the use of Replicated products and services
  • Enable access to Replicated products and services, identification and authentication of Users of the products and services, submit feature enhancement requests and participate in community forums
  • Support your use of Replicated products and services, provide technical support, and resolve issues
  • Billing

Improve Products and Services and Internal operations

  • Analyze your use of Replicated products and services to drive improvements
  • Manage our sales and marketing activities, and measure corporate performance
  • Manage business continuity and disaster recovery operations

Marketing, events, and promotions

  • Deliver information (including advertising) about our company and Replicated products and services
  • Allow you to register for and attend webinars, events, and conferences
  • Improve the operation of our websites and effectiveness of marketing campaigns
  • Administer contests, promotions, surveys and focus groups

Fraud prevention, security, and compliance

  • Protect the security and integrity of Replicated products and services and data
  • Prevent fraudulent transactions, protect our intellectual property and other assets
  • Enforce Replicated’s legal rights and meet legal compliance obligations including corporate reporting, legal and regulatory compliance and fiduciary obligations

What do we collect?

We automatically collect and aggregate information when you visit our websites, request access to our newsletters or blogs, use our products and services and create accounts to access and obtain access or support or when you contact us. We use technologies, such as cookies, to enable functionality, measure website performance, and provide relevant information when you visit or return to our sites. We may also use this information to determine the effectiveness of content or the email messages you’ve subscribed to.

Websites

Replicated operates multiple websites, including but not limited to replicated.com.. Personal Data collected on those sites includes:

  • Various log data (including browser, location and device information): Any log data we collect is aggregated and used to improve the content of our web pages and the quality of our service.
  • IP addresses: IP addresses may be shared anonymously with third parties (e.g., Twitter) for advertising purposes, but are not otherwise used to track visitors.
  • Cookies: We use cookies to record current session information and manage account logins, but do not use permanent third party cookies. 

Newsletters, Blogs, Webinars, and Events 

Replicated operates multiple newsletters and blog sites and may host webinars and events. Personal Data collected via those services includes:

  • Email addresses: Email addresses are used only to communicate with subscribers.
  • IP addresses and location data: IP addresses and location data are used to gain visibility into where subscribers reside, for purposes of better understanding our reach.
  • Subscriber activity: We collect aggregate data such as newsletter open and click rates, and individual data such as whether subscribers open an email or click on a link.

Purchasing Products and Services; Account setup and Billing; Access and Use of Products and Services (including Replicated Platform)

Account Set up and Billing.  Signing up for an account with the Replicated products or services, including the Replicated Platform, requires providing several pieces of information including:

  • Company name
  • Names (e.g. technical contacts, support contacts, billing, Users)
  • Email address (e.g. technical contacts, support contacts, billing, Users)
  • Phone Numbers (e.g. technical contacts, support contacts, billing, Users)
  • Company Address 
  • Passwords
  • Billing Data (through third party payment processors) When purchasing products from us and related offerings, we use PCI/DSS-compliant services provided by third-party service providers to process payments. Replicated does not store or have access to your payment card information.

Any collection and usage of account data is also governed by a separate Terms of Service agreement.

Usage Data; Aggregated or anonymous data. Replicated may capture usage data which may include certain data deemed Personal Data and derive from that aggregated or anonymous data (i.e., data that is not associated with/linked to an identifiable individual or organization) from the usage data collected through Replicated products and services. Replicated may use and/or share aggregated/anonymous data for any lawful business purpose (including, without limitation, to develop and improve the Replicated products and services and to create and distribute reports and other materials).

Cookies; Cookie policy

A Cookie is a small piece of data that a website asks your web browser to store on your computer or mobile device. Cookies allow a website to identify a user's device whenever that user returns to the website and are commonly used to make websites work more efficiently and enrich the user experience, as well as to provide information about your use of the site. Cookies may be placed on your computer or mobile device by Replicated and other vendors on our behalf. Replicated uses Cookies and Other such tracking technologies to:

  • Operate a secure website to provide a reliable user experience;
  • Allow you to login to view content on secure areas of our websites;
  • Collect statistics regarding your website usage, such as time spent, pages viewed, and actions taken on our websites;
  • Allow us to measure and improve the effectiveness of our marketing activities; and
  • Deliver advertising about our products and services to you when you visit websites owned by other third-parties.

Replicated uses the following types of Cookies on our websites:

  • Strictly Necessary: These Cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site may not work. These Cookies do not store any personally identifiable information.
  • Functionality: These Cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these Cookies then some or all of these services may not function properly.
  • Performance: These Cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these Cookies collect is aggregated and therefore anonymous. If you do not allow these Cookies we will not know when you have visited our site, and will not be able to monitor its performance.
  • Targeting: These Cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. They do not store directly Personal Data but are based on uniquely identifying your browser and device. If you do not allow these cookies, you will experience less targeted advertising.

How can I manage Cookies?

Most current browsers allow you to manage cookies stored on your computer. You may choose to reject all cookies, but this may result in our website not being accessible or having degraded functionality. Replicated with honor the relevant laws, including consents for Cookies as applicable under laws where Cookies are collected.

You may opt-out of Replicated’s use of Cookies through one of the following methods:

  • Change your browser settings to refuse Cookies or to indicate when a Cookie is being sent.
  • Remove or block browser Cookies using the settings in your browser, but that may impact your ability to use certain Replicated Offerings as they may not function properly with Cookies disabled.
  • Depending on your location, you can opt-out directly across different third-party advertising networks.   The relevant opt-out mechanisms may include:

Analytics services

Replicated uses Google Analytics to determine how users use our websites. Google Analytics uses cookies to gather information about which pages users access on the website and which sites users visited prior to accessing a Replicated website. Google Analytics will collect only IP Address assigned to the user on the day they visit the website, we do not combine Google Analytics with any personally identifying information. We use Google Analytics only to improve our websites.

When we share your Personal Data and the Purposes for which we may share your Personal Data

Replicated may engage sub-processors to Process your Personal Data. The agreed list of sub-processors currently engaged by Replicated and authorized by Customer are available at https://docs.replicated.com/vendor/policies-infrastructure-and-subprocessors. Replicated will update its list of authorized sub-processors when applicable.

Replicated does not sell, lease, or trade the Personal Data we collect from you. However, Replicated may share Personal Data with third parties for the following purposes: 

Delivery of Products and Services. We may provide access or transfer your Personal Data to authorized Replicated personnel, and third-party service providers, including service providers and processors as defined under the California Consumer Privacy Act and the European Union’s (“EU”) General Data Protection Regulation (“GDPR”), respectively. This includes third-party service providers who help us market, provide support, maintain or service Replicated products and service, or otherwise support our business operations.

Product Development and Security Practices.  Replicated follows software development best practices, engages in security and privacy training of its employees, uses appropriate data encryption practices, and engages in vendor/subprocessor reviews and approvals prior to implementing vendors/subprocessors Replicated maintains internal committee oversight and uses GRC platforms for continuous analysis of its compliance with applicable industry standards.

Legal Requirements. Because Replicated must comply with applicable laws including local legislation, regulations and the orders of courts or other lawful authorities, other lawful requests, or official legal processes, or pursue our legitimate interests to enforce or establish our legal rights, we may sometimes be required to disclose your Personal Data to government agencies and law enforcement officials. Necessary circumstances when this may occur include response to subpoenas, court orders, other legal process or as required by law or to prevent or take action regarding suspected illegal activities, fraud or software piracy, and situations involving potential threats to the physical safety of any person, or in cases where we believe our intellectual property rights may be violated. We may share your Personal Data in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law

Advertising. Replicated may share Personal Data with third-party service providers, such as advertising networks, to deliver targeted advertisements using aggregated Personal Data that is derived from profile data processed by Replicated and provides such third-parties with general statistics relating to the advertisements delivered.  For example, we occasionally (and automatically) send anonymous data about site visitors to third-party platforms for the purposes of targeted advertising. Individuals who have visited our site while logged into Twitter might see relevant ads in their timeline, although Replicated does not know who visited the site or who is served such ads. You have a right to opt out of such sharing.  Please visit “Withdrawing your Consent” section below for more information on managing marketing or commercial communications from Replicated.

Identify Verification and Customer Research: We use Personal Data provided during the account setup process in order to determine who is signing up and to qualify sales leads. In this case, information may be combined with Personal Data from other sources in order to verify identity and assess business prospects. The Personal Data shared with third parties for the purposes outlined above may include: your contact information, such as your name, e-mail address, telephone number, mailing address, country/region, company name, and job title, along with your recent interactions with our business applications, and event attendance.  Replicated requires our third-party service providers to take commercially reasonable steps to safeguard your Personal Data, comply with applicable laws and regulations, and to not use your Personal Data for other purposes unless you have provided consent, or an alternative lawful basis exists to do so.

Merger or Acquisition. We may also provide access to, assign, or disclose your Personal Data, where absolutely necessary, in connection with a corporate transaction, such as a merger, acquisition, or purchase of all or a portion of our company assets. For example, IP addresses and location data are used to gain visibility into where subscribers reside, for purposes of better understanding our reach.

International transfers of information

Replicated is committed to ensuring continuity of adequate protection and lawful processing of Personal Data regardless of the jurisdiction. Where it has a legal basis to do so, Replicated may transfer your Personal Data outside of your country to the relevant customer, a third-party service provider, or business partner to operate our business and to fulfill the purposes described in this Privacy Policy. By virtue of this Privacy Policy you are aware that when using our websites or providing any Personal Data to us, where applicable law permits and unless otherwise specified in a separate specific notice, the processing of such information may take place outside the country of collection where data protection standards may be different. We will always seek to localize Personal Data when possible. Several lawful bases exist for Replicated to ensure adequacy of data protection when engaging in cross border transfers. Replicated will also execute a Data Processing Addendum (“DPA”) to facilitate the lawful transfer and adequate protection of Personal Data across jurisdictions as required by applicable data protection laws.

The Replicated Distribution Solution and database servers are located in the United States using Amazon Web Services and Google Compute Engine services.  

The Replicated Compatibility Matrix Solution (CMX) uses application and database servers located in the Netherlands using Hetzner (https://www.hetzner.com/).  

Replicated will protect all Personal Data in accordance with this Privacy Policy wherever it is processed and take appropriate steps to protect your Personal Data in accordance with applicable laws. 

For Users located in the European Economic Area (EEA) or the United Kingdon (UK), when transferring data outsid the EEA/UK we ensure legal safeguards, such as transferring Personal Data under the European Commission’s Standard Contractual Clauses (SCCs), conduct Transfer Impact Assessments (TIAs) to ensure compliance with applicable data protection laws, localize data where applicable.  

Marketing communications from Replicated

Replicated may communicate information, surveys, marketing materials, advertisements or customized content which has been personalized to make it more relevant to you as part of your existing business relationship with Replicated. For example, we may do so where you have not unsubscribed from receiving such communications and it is permitted by law, where you have explicitly agreed to receive such communications, where you use free services which rely upon advertising (including targeted advertising based on profile information), or through utilizing aggregated data or data that has been made anonymous. Replicated may ask you from time to time if you would like to receive additional announcements, news, offers or event invitations regarding Replicated and Replicated products and services. You may also choose to provide Replicated with Personal Data in response to various Replicated promotions. If you agree to participate in surveys, giveaways, reviews, or other promotions that Replicated sponsors or co-sponsors, please ensure that you read the notice that may be associated with these initiatives in order to obtain further details about how your Personal Data will be managed.

An unsubscribe mechanism is included with every Replicated marketing or commercial communication. You can update your information, review your communication preferences, or stop receiving further communications from us by following the instructions contained within each communication we send you. 

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other Personal Data they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing information to these emails.

Please visit the section below in “Withdrawing Your Consent“ section below for more information on managing marketing or commercial communications from Replicated.

Service-related communications from Replicated

Replicated may also send you certain service-related communications. For example, Replicated may send a welcome email or message when you first activate a Replicated offering to inform you about the service and its terms, to notify you of important changes, to tell you how to manage your credentials or account, to provide service infrastructure notifications or information about upgrades or updates, to provide support information, safety or security information, or for surveys of current or former users. Because such service-related communications are necessary for the use of your Replicated products and services, you may not opt-out of receiving these communications.

How long we store your Personal Data

We retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy, including compliance with legal, contractual, tax, accounting, or reporting obligations, or to comply with or to fulfill our business or operational requirements. For example, billing information may be retained for seven (7) years to comply with tax regulations.  Once the applicable retention period expires, we securely delete or anonymize the data unless further retention is required by applicable law.  . 

At the expiry of the applicable data retention periods, Replicated will take steps to have your Personal Data deleted, aggregated or made anonymous, unless further retention is required by applicable laws. Consistent with good business practice, Replicated continues to evolve our controls, schedules and practices for information and records retention and destruction which apply to your Personal Data.

Non-Personal Data, such as samples of potentially malicious software or anonymized data, may be retained indefinitely for the purpose of improving the performance of Replicated products and services.

Your Personal Data rights

At Replicated we aim to provide the transparency you need to exercise your rights. Below you will find information on your Personal Data rights as well as how to make requests.

If you are a resident in the EEA/UK and covered by the (UK) GDPR and where Replicated products and services have been deployed within an organization and Replicated is processing your Personal Data on behalf of such organization, such as your workplace or business, then the customer agreement and DPA entered between Replicated and the organization shall apply.

Where Replicated is the Controller of the Personal Data collected and if you are a resident of the State of California, your rights are addressed in this Privacy Policy under Your California privacy rights and Replicated’s practices.

Depending on the jurisdiction where you are located, you may also have the right to contact your local data protection supervisory authority to lodge a complaint against Replicated.

Accessing, rectifying and deleting your Personal Data

Upon written request, Replicated will inform you whether it holds Personal Data about you and provide you with your Personal Data within a reasonable timeframe and at minimal or no cost in accordance with applicable laws. If you identify an inaccuracy or incompleteness in your Personal Data, Replicated will amend your information and notify any third parties as required by applicable laws.

Upon written request, and to the extent authorized under applicable law, Replicated will also erase any Personal Data it holds about you using reasonably appropriate technical measures when:

  • it is no longer necessary to process your Personal Data;
  • you withdraw your consent to processing unless some other lawful basis exists for Replicated to continue to process your Personal Data;
  • you object to the processing and no overriding legitimate grounds exist for Replicated to process your Personal Data;
  • the Personal Data has not been lawfully processed by Replicated; or
  • you have a legal obligation imposed under EU or EU member state law to which Replicated is subject.

You may exercise the above rights at any time by notifying the Privacy Office at Replicated at privacy@replicated.com.

In certain situations, and depending on applicable laws, Replicated may not be able to provide you a copy of your Personal Data it holds about you if access may adversely affect the rights and freedoms of others. For example, Replicated may not provide access to Personal Data if doing so:

  • would likely reveal Personal Data about a third-party;
  • would reveal Replicated or third-party confidential information;
  • could reasonably be expected to threaten the life or security of another individual;
  • includes information that is protected by solicitor or attorney client privilege; or
  • includes information that was processed in relation to the investigation of a breach of an agreement or a contravention of a law.

In order to safeguard your Personal Data from unauthorized access, Replicated may ask that you provide sufficient information to identify yourself prior to providing access to your Personal Data.

Depending on the circumstances and subject to applicable laws, Replicated may deny processing your request or charge a reasonable fee if:

  • we are unable to verify and authenticate your identity;
  • it is unreasonably repetitive or automated; or
  • otherwise excessive, for example if the request is malicious in intent and is being used to harass Replicated or its employees with no other purpose pursued than to cause disruption.

Withdrawing Your Consent

Generally: You may withdraw your consent at any time by notifying the Privacy Office at Replicated at privacy@replicated.com.

At any time, you may withdraw your consent for Replicated to process your Personal Data in the future in accordance with this Privacy Policy (to the extent we base processing on consent), subject to legal or contractual restrictions. For example, although you can use Replicated products and services for some purposes without providing us with any Personal Data, Replicated may need to process Personal Data for some services, including those that require payment or involve an ongoing relationship such as registration or subscription services. As such, Replicated may continue to use your Personal Data as may be required to provide you with requested services, and to the extent that Replicated is contractually obligated to do so or as necessary to enforce any contractual obligations you may have with Replicated. If you refuse to provide Replicated with the Personal Data it requires or later withdraw your consent to use and disclose this information, Replicated may no longer be able to provide you with your Replicated products and services.

Marketing or commercial communications: You may unsubscribe from receiving marketing or commercial communications about Replicated or Replicated products and services by:

  • clicking the unsubscribe link at the end of any marketing or commercial communication from Replicated; or
  • by writing to Replicated Privacy Office c/o Replicated (attention Privacy Department), privacy@replicated.com and advising what particular types of marketing or commercial communications you no longer wish to receive.

AI, Automated Processing and Profiling. 

Replicated may also use automated decision-making technologies, including profiling to deliver targeted advertisements. If you are a resident of EEA/JK, you have a right to object to automated processing, including profiing, that produces legal of similarly significant effects.  To exercise this right contact us at privacy@replicated.com.

Additional disclosures for California residents

This “Additional disclosures for California residents” section is intended to describe our practices and your rights under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”) (Civil Code Section 1798.100, et seq.) (collectively “California Law”). This section provides rights and other terms relating to your Personal Data that are in addition to those provided in this Privacy Policy (see above). These additional rights and other terms are only available to California residents about whom we collect Personal Data. This section takes precedence over the Privacy Policy with respect to your Personal Data for California residents if there is a conflict between the two. Any terms not defined in this section have the same meaning as defined in California Law. Additionally, any reference to Personal Data in this section has the same meaning as personal information as defined by California Law.

We do not sell, rent or lease your Personal Data we collect from you. We may share your Personal Data with third parties or allow them to collect Personal Data from our sites or services if those third parties are authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Data, or if you use Replicated sites or services to interact with third parties or direct us to disclose your Personal Data to third parties.

Replicated products and services are built for enterprises and are not directed to individuals aged 16 and under or those not of the age of majority in your jurisdiction, and we request that these individuals, or others on their behalf, not provide us with their data. We do not knowingly sell or share the Personal Data of consumers under 16 years of age.

What Personal Data We Collect.

For information on how we collect your Personal Data and the uses of the Personal Data, please refer to the “What we collect and how we use your Personal Data” section above.

How We Disclose, Share or Sell Your Personal Data.  For information on how we collect your Personal Data and the uses of the Personal Data, please refer to the “What we collect and how we use your Personal Data” section above.  We also may disclose your Personal Data with your consent or authorization, or any other purpose disclosed to you at the time you deliver the data. 

Sales and Sharing. We do not sell or share the Personal Data we collect from you for direct, monetary profit or otherwise as defined under the CCPA. 

Data Retention. We may retain all categories of your Personal Data (see above) for a period of time consistent with the original purpose of collection (see above) or as long as required to fulfill our legal obligations. We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorized use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).  After expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.

Your Rights and Choices under California Law

Below please find a description of key rights California residents have under California Law and an explanation of how to exercise those rights with us.

  • Right to Know. If you are a California resident, you have the right to request that we disclose certain information to you about our collection and use of your Personal Data.
  • Right to Delete. You have the right to request that we delete some or all of the Personal Data we have pertaining to you. Once we receive and confirm your verifiable consumer request, we will then delete (and direct our service providers to delete, if applicable) your Personal Data from our records, unless a lawful basis exists to retain it. We may deny your deletion request if we are unable to verify your identity or if we are not required to delete your Personal Data under the CCPA.
  • Right to Correct Inaccurate Personal Data. You have the right to request that we correct any of the Personal Data that we maintain about you.
  • Right to Opt-Out of the Sale or Sharing of Personal Data. If Replicated sells or shares Personal Data about you to third parties, you may have the right to opt out and request that Replicated not sell or share your Personal Data.
  • Right to Non-Discrimination. Replicated values the security and privacy of its customers and will not discriminate against you for exercising any of your California Law rights. If you exercise certain rights, understand that you may be unable to use or access certain features of the Services. Unless permitted by applicable law, we will not: (i) deny you goods or services; (ii) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; (iii) provide you a different level or quality of goods or services; or (iv) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. However, we will deny your request if (i) we cannot verify your identity or (ii) the disclosure creates a substantial, articulable, and unreasonable risk to the security of your Personal Data, your account with us, or the security of Replicated’s systems or infrastructure.
  • Replicated recognizes and honors Global Privacy Control (GPC) signals as a valid means for California residents to exercise their right to opt out of the sharing of their Personal Data. When GPC signal is detected from a California resident’s browner, we will automatically process the request in accordance wih applicable privacy laws. 

Exercising Your California Law Rights

You do not need to create an account with us to exercise your California Law privacy rights. To exercise the rights described above, please submit a consumer request to us by emailing:privacy@replicated.com.

To exercise your right to know, delete, or correct your Personal Data as described above, we need to verify your identity or authority to make the request and confirm the Personal Data relates to you. We will not provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. Making a verifiable consumer request does not require you to create an account with us. We use Personal Data provided in a verifiable consumer request solely to verify the requestor's identity or authority to make the request.

These requests may be made only by you, your parent, guardian (if you are under 18 years or age), conservator, a person to whom you have given power of attorney pursuant to California Probate Code sections 4000 to 4465, or an authorized agent. As permitted under California Law, we may request that an individual submitting a request on behalf of a consumer submit proof that they are an authorized agent of the subject consumer, as well as verify the consumer’s identity. To protect your Personal Data, we reserve the right to deny a request from an agent that does not submit adequate proof that you authorized them to act for you.

We are only required to respond to a verifiable consumer Right to Know request twice within a 12-month period. The verifiable consumer request must provide sufficient information to allow us to verify you (or an authorized agent) are the person about whom we collected Personal Data.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Once we have verified a request from a California resident, we will confirm receipt of the request within 10 days and explain how we will process the request. We will then respond to the request within 45 days. We may require an additional 45 days (for a total of 90 days) to process your request, but in those situations, we will provide you a response and explanation for the reason it will take more than 45 days to respond to the request. Our responses will include required information under California Law.

Additional disclosures regarding Nevada, Colorado, Connecticut, Utah, and Virginia

For users residing in Nevada, Colorado, Connecticut, Utah and Virginia, you also have rights with respect to the Personal Data that we collect about you. In addition to the rights that are available to residents of California, if you are a resident of one of these states, you may also have the right to:

  • Opt-out of the processing of your Personal Data for the purposes of targeted advertising and for profiling in furtherance of decisions, including, for residents of Connecticut, solely automated decisions, that produce legal or similarly significant effects; and
  • Appeal any decision or indecision related to the exercise of any right the consumer is granted under the applicable state law.

If you would like to exercise any of your rights under applicable law (including the right to appeal), please email privacy@replicated.com.

Additional disclosures regarding Nevada

Nevada law gives residents of Nevada the right to request that a company not sell their Personal Data for monetary consideration to certain other parties.  This right applies even if your Personal Data is not currently being sold.  If you are a resident of Nevada and wish to exercise this right, please email privacy@replicated.com.

Additional disclosures regarding EEA/UK Personal Data

For data subjects who are in the EEA/UK, and to the extent allowed under the GDPR, you have the right to request details of the Personal Data we have about you, update inaccurate information about you, request that your Personal Data be deleted, restrict processing of your Personal Data, data portability, and object to the collection or use of Personal Data that we process based on our legitimate interests as a company or for direct marketing purposes. In some cases, you may be directed to make your request to the organization who licensed our software or services. If you wish to exercise these rights, please submit a request to privacy@replicated.com.

If you live in the EEA/UK and are dissatisfied with our use of your Personal Data or our response to a request, you have the right to lodge a complaint with your local supervisory authority. You may find contact details on edpb.europa.eu.

Transfers under EU Standard Contractual Clauses and UK Data Transfer Addendum

With respect to Personal Data subject to the GDPR, Replicated will process data in compliance with the GDPR, including when and where Replicated is deemed a “Data Processor” under GDPR, Replicated will executed with customers with GDPR compliance obligations (Data Controllers) Data Protection Addenda that incorporate the current EU Standard Contractual Clauses (SCCs) and Transfer Impact Assessments (TIAs) to ensure an adequate level of protection throughout the data processing lifecycle. 

Changes

Replicated may periodically update this policy. We will notify you about significant changes in the way we treat Personal Data by sending a notice to the primary email address specified in your Replicated primary account holder account or by placing a prominent notice on our site. Such notice will be given at least 14 days’ in advance of the date the new policy will be applied.

This privacy policy was last updated April 1, 2025.

Questions

We value your privacy and your input.  Any questions about this Privacy Policy or our collection and use of your Personal Data should be addressed to privacy@replicated.com.

Company

About UsBlogCareersSecurity

Projects

EnterpriseReadyGitHubModern On-PremChartSmithK8s Compatibility Testing

Developers

DocumentationAPI ReferenceCLI ReferenceCommunitySupport

Find Us On

Subscribe to our newsletter

The latest news, articles, and resources, sent to your inbox.

I agree to receive communications from Replicated. View our Privacy Policy.

This site uses reCAPTCHA to fight spam. The Google Privacy Policy and Terms of Service apply.

Thank you! You've been added to our monthly newsletter.
Oops! Something went wrong while submitting the form.

© 2025 Replicated, Inc. All Rights Reserved.

TermsPrivacySecuritycontact@replicated.com(323) 621-3034