Privacy Policy — ReplicaZero
Version: 1.0 — MVP
Effective date: June 28, 2026
Last updated: June 28, 2026
Note: The official and legally binding version of this Privacy Policy is written in Brazilian Portuguese. This English version is provided for informational purposes only. In case of any discrepancy, the Portuguese version shall prevail.
1. Who We Are
ReplicaZero [Legal name to be inserted]
Company registration: [to be filled]
Headquarters: Curitiba, State of Paraná, Brazil
Privacy contact: [email protected]
ReplicaZero operates the Application and acts as the controller of the account registration data we collect (described in Section 3.1). For the personal data transiting through the platform (Uplinks, DropLinks, and CrossLinks), ReplicaZero acts as a processor under the instructions of the respective partner companies (which act as controllers of the received data). Regarding the personal data stored locally on your device (Vault), you are the exclusive data subject with full control over it, and ReplicaZero does not perform any permanent storage or custody.
2. Our Philosophy: Your Data Is Yours
ReplicaZero was built on a premise different from virtually every technology you use: we treat personally identifiable information (PII) as a toxic asset we do not want to hold.
The traditional model forces companies to become custodians of data they don't need. We built the opposite:
- Your personal data (name, national ID, address, documents) lives on your phone, encrypted, and only leaves when you explicitly approve.
- Our servers act as a "blind tunnel" — they transport encrypted packets without holding the key to open them.
- If our servers were breached, an attacker would find only cryptographic noise. We mathematically do not possess the contents of your vault.
This is not a marketing promise. It is a direct consequence of our technical architecture.
3. Data We Collect
When you create an account in the Application, we collect a minimal set of data necessary for the service to function:
3.1 Account Data
| Data | Why we collect it |
|---|---|
| ZeroTag (@handle) | Your unique identifier on the ReplicaZero network. Required for routing data transactions between you and partner companies. |
| Email address | Communication channel for important notifications, support, and exercising your rights. |
| RSA-2048 Public Key | A technical cryptographic component generated on your device during onboarding. Transmitted to the backend so partner companies can encrypt data envelopes addressed to you. Not a sensitive data element. |
| FCM Token (Push Notification Token) | Generated by Firebase (Google) and required for the Application to receive transactional push notifications (e.g., "Company X is requesting your data"). |
| Device ID | Automatically collected by the Application to link your account to your device and ensure security integrity (prevention of unauthorized access). This is personal data under LGPD and GDPR. |
3.2 Consent Metadata (Consent Receipts)
Each time you approve a data sharing request, the system generates a Consent Receipt — an immutable cryptographic record of your authorization. This record contains:
- Exact date and time of approval
- Identifier of the company that received the data
- Identifier of the shared fields (scope_hash)
- Digital signature of your device
Important: The Consent Receipt does not contain the content of your data. It records only that sharing occurred, when it occurred, with whom, and which fields were authorized — without storing the values of those fields on our servers.
3.3 Internal Operational Data
To ensure the security and integrity of the platform, we internally generate operational control data that is never provided by the user, such as ZeroTag status (active, under review, suspended) and metadata for protection against abusive account name registration. These are used exclusively for platform operation.
4. The Vault: Data That Stays Only on Your Device
The Vault is the local identity vault of the Application. It is where your personal data actually lives.
4.1 What's in the Vault
- Full name, national ID (CPF), and other documents
- Address, personal email, phone number
- Any other fields you register in your profile
4.2 How the Vault is Protected
The Vault is a locally encrypted database using AES-256 in CBC (Cipher Block Chaining) mode. The key protecting it (hive_master_key) is generated locally and stored securely in the system keychain of your device (Android Keystore / iOS Keychain). The 12-word BIP-39 Seed Phrase is used exclusively in the optional backup and data recovery process, and is not processed during daily app usage.
This key and the Seed Phrase are your exclusive responsibility. ReplicaZero does not store them, does not know them, and cannot recover them.
4.3 What ReplicaZero Cannot Do
- Cannot access the content of your Vault (servers don't hold the key)
- Cannot recover your data if you lose your device and have no backup
- Cannot share your data with third parties without your active approval
5. How We Use Your Data
We use the data collected (Section 3) for the following purposes:
| Purpose | Legal basis (LGPD) |
|---|---|
| Provide the service: routing Uplinks, DropLinks, and CrossLinks | Art. 7, V — contract performance |
| Send transactional push notifications (data requests from partner companies) | Art. 7, V — contract performance |
| Platform security, fraud and abuse prevention | Art. 7, IX — legitimate interest |
| User support | Art. 7, V — contract performance |
| Maintaining consent records (Consent Receipts) for audit and legal compliance | Art. 7, II — legal obligation |
ReplicaZero does not use your data for:
- Third-party advertising or marketing
- Behavioral profiling for commercial purposes
- Selling or sharing data with data brokers
6. Push Notifications
The Application uses Firebase Cloud Messaging (FCM), by Google LLC, to send push notifications to your device.
Notifications sent by ReplicaZero are exclusively transactional — directly related to the service's operation (e.g., "Company X sent a data request", "Your DropLink was received").
ReplicaZero does not send marketing or engagement notifications without your request.
7. Data Sharing
7.1 With Partner Companies (Businesses)
Your personal data (in the Vault) is only transmitted to a partner company when you actively approve the request (tap "Accept" in the Application). Each approval generates a Consent Receipt (Section 3.2).
If you reject a data request, no personal data will be shared. The system will only generate a technical interaction log indicating the rejected status, and you may optionally provide a reason for the rejection as feedback to the requesting company.
ReplicaZero is not responsible for how the partner company uses the data after receiving it. Each company has its own terms of use and privacy policy, which you should review before sharing.
7.2 With Infrastructure Providers
To operate the service, we use the following providers:
| Provider | Purpose | Country |
|---|---|---|
| Amazon Web Services (AWS) | Backend hosting (database, application servers) | USA |
| Cloudflare | CDN, protection and delivery of web frontends | USA |
| Firebase (Google LLC) | Push notification service (FCM) | USA |
These providers act as data processors under LGPD and are contractually obligated to protect the information processed on our behalf.
7.3 App Stores (Distribution Channels)
The Application is offered and distributed through the official stores: Apple App Store (for iOS devices) and Google Play Store (for Android devices). Downloading, installing, and updating the Application are subject to the policies and terms of the respective app stores, which act as independent controllers for their distribution services.
7.4 By Legal Obligation
We may disclose data when required by law, court order, or request from a competent authority.
7.5 We Never Sell Your Data
ReplicaZero does not sell, rent, or trade your personal data with any third party.
8. Security
ReplicaZero was designed with security as a fundamental architectural principle, not an additional feature.
8.1 Zero Trust
Our system operates under the "Never trust, always verify" principle. Each data transaction requires a new cryptographic authorization. There are no open sessions or implicit persistent permissions on the server.
8.2 Zero Knowledge
Our servers transport end-to-end encrypted data without possessing the keys to decrypt it. In the event of a server breach, an attacker would find only unreadable encrypted data.
8.3 Cryptographic Standards
- Data transmission (Peer-to-Business): AES-256-GCM with RSA-OAEP-SHA-256 envelope
- Local storage (Vault): AES-256-CBC with local master key protected by Android Keystore / iOS Keychain. The BIP-39 standard is restricted exclusively to the backup and recovery flow.
- Local authentication: Biometrics or PIN via local_auth (used solely to unlock the in-memory app session)
- Backend communication: TLS 1.3
8.4 Limits of Our Guarantee
No system is unbreakable. While our architecture dramatically minimizes risks, the security of your Vault also depends on the security of your device. We recommend keeping your operating system updated, using a PIN or biometrics, and not sharing your device with unauthorized individuals.
9. Backup and Data Recovery
Backing up your data is a fully optional process of your choice. To reduce friction on first use, backup configuration is not performed during the initial onboarding. You can activate it at any time via the Settings menu of the Application.
The Application allows you to export a backup of your Vault as an encrypted file (.rz0). You choose where to store this file (Google Drive, iCloud, email, USB drive, etc.). ReplicaZero does not receive or store this file.
Restoring the backup requires the 12-word BIP-39 Seed Phrase generated when you activate backup in the Settings menu. Store it securely offline.
Important notice: ReplicaZero does not have access to your Seed Phrase and cannot recover your data. If you lose your device, uninstall the Application without making a backup, and do not have your Seed Phrase, your Vault data will be permanently inaccessible. This is a direct consequence of our privacy architecture — the cost of data sovereignty is responsibility for its custody.
10. Data Retention
| Data | Retention Period |
|---|---|
| Account data (zero_tag, email, public_key, device_id, fcm_token) | Until account deletion by the user |
| Consent metadata (Consent Receipts) | 5 (five) years after the transaction, even after account deletion, per legal record-keeping requirements |
| Technical operation logs (IPs, access timestamps) | 90 (ninety) days |
11. International Data Transfers
The data we collect (Section 3) is processed on Amazon Web Services (AWS) and Cloudflare servers, companies headquartered in the United States.
This transfer is carried out pursuant to LGPD Article 33, II, with appropriate contractual guarantees and the security certifications maintained by these providers, including ISO 27001 and SOC 2 compliance.
12. Your Rights
As a data subject, you have the following rights:
| Right | How to Exercise |
|---|---|
| Access — know what data we hold about you | Contact [email protected] |
| Correction — correct incomplete or outdated data | Via the Application or [email protected] |
| Deletion — request elimination of your data | Via "Delete my account" screen in the Application or [email protected] |
| Portability — receive your data in structured format | Contact [email protected] |
| Information about sharing — know with whom we share your data | Described in this Policy; also see your Consent Receipts in the Application |
| Consent revocation — withdraw consents granted | Via the Application |
Response time: We will respond to requests within 15 (fifteen) business days from receipt.
About account deletion and service limitations: Upon deleting your account, the account data listed in Section 3.1 is permanently deleted from our servers. Consent Receipts (Section 3.2) are retained for the legal period of 5 years. The content of your Vault remains on your device under your control, and is only removed when you uninstall the Application.
Important: Since ReplicaZero operates under a Zero-Knowledge model and Vault data resides exclusively on your mobile device, ReplicaZero does not possess the technical means to access, correct, port, or delete Vault data on its central servers. Exercising these rights regarding local data is done directly by you within the Application, or before the partner company (controller) with whom you chose to share the information.
13. Age Requirement
The ReplicaZero Application is intended exclusively for individuals 18 (eighteen) years of age or older. We do not intentionally collect data from minors under 18. If we become aware that such data was collected, we will promptly delete it.
14. Changes to This Policy
We may update this Policy periodically. When we make changes that materially affect your rights or how we handle your data, we will notify you with at least 15 (fifteen) days' notice via push notification in the Application and/or by email.
15. Privacy Contact (DPO)
Email: [email protected]
DPO: ReplicaZero Privacy Committee
Address: Curitiba/PR, Brazil
This is an informational translation of the official Privacy Policy. The official legally binding version is written in Brazilian Portuguese and governs in case of discrepancy.