← Back to home

Privacy Policy

Last updated: 1 January 2026

1. Information We Collect

When you create a Rhodium account we collect your username, email address, and a bcrypt-hashed password. We never store your plaintext password.

When you activate a token we store the token, an encrypted license secret, your subscription tier, and expiry date as provided by KeyAuth.

For free trial fraud prevention we temporarily store your IP address and a browser fingerprint token. This data is used solely to enforce the one-trial-per-device policy.

2. How We Use Your Information

  • To authenticate you and maintain your session
  • To manage and display your subscription status
  • To prevent abuse of the free trial system
  • To provide support when you contact us

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services

KeyAuth — Token validation is handled by KeyAuth. When you activate a token, the associated license secret and a session token are sent to KeyAuth servers. Their privacy policy applies to that data.

Stripe — Payment processing is handled by Stripe. We never see or store your card details. Stripe's privacy policy applies to all payment data.

4. Data Retention

Your account data is retained for as long as your account is active. You may request deletion of your account and all associated data by contacting us. Trial fraud-prevention records (IP/fingerprint) are retained for 90 days.

5. Cookies & Sessions

We use a single HttpOnly, SameSite=Strict cookie to maintain your login session. This cookie cannot be accessed by JavaScript and is not used for tracking or advertising.

6. Security

All data is transmitted over HTTPS. Passwords are hashed with bcrypt. Sessions are signed JWTs verified on every request. We apply standard security headers (X-Frame-Options, CSP, etc.) to all responses.

7. Your Rights

You have the right to access, correct, or delete your personal data. To exercise these rights, contact us via the support channel in your client area. We will respond within 30 days.

8. Changes to This Policy

We may update this policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of Rhodium after changes constitutes acceptance of the updated policy.