
FREQUENTLY ASKED QUESTIONS

Everything you need to know about ReplicaZero, data security, and enterprise integrations.

For Users

ReplicaZero is a digital identity vault that lives exclusively on your phone. Instead of typing your personal data into giant forms across the internet, you fill your Vault once and share it securely with a single tap. Your data, your rules.

Yes. The app and your local vault storage are 100% free, forever. Our business model is based on charging the companies that request data, not you.

We use military-grade AES-256-CBC encryption. Your data is encrypted and stored locally on your device. The encryption key is protected by your device's biometric security (FaceID/TouchID). Not even ReplicaZero can read your vault.

No. ReplicaZero requires no account creation, no email validation, and no passwords. Your identity is tied cryptographically to your physical device.

Once you share data with a company, it falls under their privacy policy. However, every time you share data, ReplicaZero generates an immutable 'Consent Receipt' that proves exactly what you shared and when, giving you a legal audit trail to hold them accountable under laws like GDPR and CCPA.

No. ReplicaZero is built on a Zero Trust architecture. When you approve a request, you are sending a one-time encrypted package. It does not create an open connection to your Vault. If you update your data later, the company will not automatically receive the updates unless you explicitly consent to a 'LiveSync' connection in the future.

Because your data is only on your device, losing your phone means losing your Vault. To prevent this, you can enable an encrypted Cloud Backup using a 12-word Seed Phrase. Without this Seed Phrase, your data is permanently inaccessible if your device is lost.

A DropLink is a feature that allows you to actively send your data to a participating company, rather than waiting for them to request it. It's like dropping a digital business card.

Yes. Our servers act as a 'blind tunnel'. We only route encrypted packages from your phone to the company. Even if our servers are compromised, hackers would only find mathematically unbreakable noise, not your personal data.

We use your local device security (Face ID, Fingerprint, or PIN) to unlock the encryption key that decrypts your Vault. Your biometric data or PIN never leaves your device.

For Business

Legacy KYC and registration forms are tedious and lead to >70% abandonment. With ReplicaZero, e-commerce sites can add a 'ReplicaZero Button' at checkout. Users simply input their ZeroTag, approve the request on their phone, and your UI is instantly populated with pristine data.

It means you don't have to worry about our servers becoming a permanent honeypot. We do not store your customers' PII. Our Core decrypts the payload solely in volatile memory to route the Webhook to your API over TLS, ensuring no sensitive data rests in our databases.

Every transaction generates an immutable Cryptographic Consent Receipt stored in our database. It contains a hash of the requested scope and a digital signature from the user's device, mathematically proving they consented.

The flow is asynchronous. Once the user approves the request on their mobile device, ReplicaZero fires a Webhook to your backend containing the encrypted payload.

You can request any standard field (Name, Email, SSN) and also configure custom business rules and data masks for specific industry needs within your Integration Profile.

Because every ReplicaZero Vault is bound to a physical device's Secure Enclave, it is incredibly expensive and difficult for bad actors to generate thousands of fake identities automatically.

With our Live Sync feature, if a user updates their address or phone number in their Vault, your system can be automatically notified of the change via Webhook, eliminating data decay.

With the specialized tools we've developed for creating Integration Profiles, the integration time can be drastically reduced, taking a fraction of the time compared to building standard identity verification flows.

No. Data in transit is held only in an ephemeral cache for a maximum of 24 hours (for manual CSV downloads) and is immediately purged. Our persistent databases store only configurations and Consent Receipts.

Uplink is a standard request: You ask, the user approves. CrossLink is reverse-onboarding: Your company inputs the client's data, generating an OTP sent to the client's email. Once the client shares the OTP with you and you validate it, the data flows instantly into your internal systems via Webhook. The client then has 24 hours to download the app and 'claim' that data into their Vault.