Replicaby Data Karma

Privacy Policy

Last updated: December 11, 2024

Data Karma AI LLC ("Data Karma," "we," "us," or "our") operates Replica at replica.datakarma.ai, a synthetic Salesforce test data generation service. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our platform.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other privacy regulations.

Contact Information

Company: Data Karma AI LLC

Email: privacy@datakarma.ai

Website: replica.datakarma.ai

Quick Navigation

  1. 1. Information We Collect
  2. 2. How We Use Your Information
  3. 3. Legal Basis for Processing (GDPR)
  4. 4. Data Sharing and Disclosure
  5. 5. Third-Party Integrations
  6. 6. Data Retention
  7. 7. Your Privacy Rights
  8. 8. California Privacy Rights (CCPA)
  9. 9. Data Security
  10. 10. International Data Transfers
  11. 11. Cookies and Tracking
  12. 12. Children's Privacy
  13. 13. Changes to This Policy

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, company name
  • Authentication Data: Password (stored securely hashed with bcrypt)
  • Communications: Messages, feedback, and support inquiries

1.2 Information We Collect Automatically

  • Usage Data: Pages visited, features used, generation history
  • Device Information: IP address, browser type, operating system
  • Log Data: Access times, error logs, performance data

1.3 Salesforce Connection Data

  • OAuth tokens (encrypted at rest with AES-256-GCM)
  • Salesforce org metadata (object and field definitions)
  • Picklist values and record types

Synthetic-First: Replica never reads, copies, or accesses your production Salesforce data. We only access your org's metadata (schema definitions) to generate compatible synthetic records.

2. How We Use Your Information

Service Delivery

  • Generate synthetic test data for your Salesforce orgs
  • Read your org schema to create compatible records
  • Insert generated data via Salesforce API
  • Store your templates and generation configurations

Communication

  • Send transactional emails (password resets, account notifications)
  • Provide customer support and respond to inquiries
  • Send product updates and feature announcements (with opt-out option)

Improvement and Analytics

  • Improve our data generation algorithms
  • Analyze platform usage to enhance features
  • Conduct product research and development

Legal and Security

  • Comply with legal obligations and regulatory requirements
  • Protect against fraud, security threats, and abuse
  • Enforce our Terms of Service

4. Data Sharing and Disclosure

We do not sell your personal information.

We may share your data in the following circumstances:

  • Service Providers: Cloud hosting (Vercel), database (Render), error monitoring (Sentry)
  • Salesforce Integration: Data you choose to generate is inserted into your connected Salesforce orgs
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
  • Protection of Rights: To protect our rights, property, or safety, or that of our users

5. Third-Party Integrations

Replica integrates with the following third-party services. Each integration is governed by that service's privacy policy:

CRM Platforms

  • Salesforce (sandbox and scratch orgs)

Infrastructure

  • Vercel (hosting, SOC 2 Type II)
  • Render (database)
  • Sentry (error monitoring)

You control which Salesforce orgs are connected in your account settings. Disconnecting an org will stop data generation to that org.

6. Data Retention

We retain your personal information for as long as necessary to provide our services:

  • Active Accounts: Data retained while your account is active
  • After Account Closure: 90 days for operational purposes, then deleted
  • Backup Systems: Data may remain in backups for up to 90 additional days
  • Legal Obligations: Data retained as required by law

You can request deletion of your account and data at any time by contacting privacy@datakarma.ai.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

Right to Access

Request a copy of the personal data we hold about you

Right to Rectification

Correct inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data

Right to Restriction

Request limitation of how we process your data

Right to Data Portability

Receive your data in a machine-readable format

Right to Object

Object to processing for marketing purposes

To exercise any of these rights, contact us at privacy@datakarma.ai. We will respond within 30 days.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Your CCPA Rights

  • Right to Know: Request disclosure of personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

Categories of Personal Information

  • Identifiers (name, email, IP address)
  • Commercial information (account interactions)
  • Internet activity (usage data, browsing behavior)
  • Professional information (company, job title)

To submit a CCPA request, email privacy@datakarma.ai with "CCPA Request" in the subject line.

9. Data Security

We implement industry-standard security measures to protect your personal information:

Technical Safeguards

  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Secure OAuth 2.0 authentication
  • Bcrypt password hashing

Infrastructure Security

  • SOC 2 Type II compliant hosting (Vercel)
  • Automated security updates
  • DDoS protection and WAF
  • Regular backups

While we strive to protect your data, no method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in the United States where our service providers operate. For transfers from the EEA, UK, and Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Supplier certifications (e.g., EU-U.S. Data Privacy Framework)

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience:

Essential Cookies

Required for authentication, security, and core functionality (cannot be disabled)

Preference Cookies

Remember your settings and preferences

We do not use third-party tracking cookies or analytics that track you across websites.

12. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@datakarma.ai.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice in the application

Your continued use of our services after the effective date constitutes acceptance of the updated policy.

Questions or Concerns?

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: privacy@datakarma.ai

We aim to respond to all inquiries within 30 days.