Railbase

Privacy Policy

Effective date: 19 June 2026

This Privacy Policy explains how Silkway Tech LLC, a Wyoming limited liability company ("we", "us"), operator of Railbase and the website at railbase.app (the "Service"), collects, uses, and shares personal data. Mailing address: 5830 E 2nd St, Ste 7000 #30294, Casper, WY 82609, USA. Contact: support@railbase.app.

Scope. This policy covers railbase.app, the plugin marketplace, account, billing, licensing/distribution, support, analytics, and compliance systems we operate. It does not cover the application data inside a Railbase deployment you self-host on your own servers. For a self-hosted deployment, you are normally the controller or operator responsible for your users, tenants, records, files, logs, plugins, integrations, cookies, and compliance notices.

1. Data we collect

  • Account data — email address, login/session records, hashed credentials where applicable, optional profile fields, and optional two-factor/security data.
  • Billing and tax data — processed primarily by Stripe. We receive and store limited billing information such as Stripe customer/subscription identifiers, billing country, billing address, buyer type, company legal name, VAT/GST/tax ID, tax status, subscription status, invoices, refunds, chargebacks, and payment metadata. We do not store full card numbers.
  • License and marketplace data — plugins purchased, seats/roles, license keys issued, activation and validation requests, device/node activation state, version/download records, artifact grants, and embedded marketplace purchase events from self-hosted Railbase consoles.
  • KYC and sanctions-screening data — buyer name, company name, tax ID, country, screening context, verdict, and match summary where we screen a purchase or active subscriber against sanctions lists. Screening records are operator-only and are used for legal compliance, fraud prevention, and export/sanctions controls.
  • Support, reviews, and development requests — support messages, plugin reviews, ratings, author names, verified-owner status, custom-development requests, budget/timeline fields, specifications, and optional uploaded files you submit to us.
  • Technical and usage data — IP-derived salted hash, country, browser/user-agent, referrer host, pages viewed, download events, selected language, dwell time, scroll depth, CTA clicks, performance signals, JavaScript error metadata, and server logs. We do not store raw IP addresses in our page-view and download analytics tables.
  • Cookies and local storage — sign-in/security cookies, language and theme preferences, CSRF state, OAuth/SAML state in self-hosted deployments, and localStorage values used by Railbase-generated frontends. See our Cookie Policy.
  • Communications data — emails we send or receive, including transactional receipts, renewal notices, support acknowledgements, security notices, and delivery status.

We do not intentionally collect special-category data. Please do not send us unnecessary sensitive data in support messages, reviews, development specifications, or uploaded files.

2. Self-hosted Railbase deployments

Railbase is self-hosted software. Data stored in your own Railbase instance remains under your control unless you choose to send it to us or to a third-party service. Your deployment may process user accounts, admin accounts, sessions, tenants, API tokens, audit logs, files, webhooks, backups, mailer data, OAuth/SAML/LDAP/WebAuthn/MFA data, Stripe integration data, plugin data, and application-specific records.

If you send us database exports, logs, screenshots, support bundles, custom-development specifications, or other materials from your deployment, we process that submitted data to provide support, security review, debugging, development, or contractual services.

3. Translate plugin data

The Railbase Translate plugin normally runs inside your self-hosted Railbase deployment. Uploaded source files, translated results, glossary terms, translation jobs, language settings, and job history are stored in that deployment. Depending on the plugin version and configuration, document text may be sent to third-party machine-translation engines such as Google Translate free endpoints, MyMemory, or Lingva instances. OCR may use local operating-system capabilities such as Apple Vision, Windows OCR, or Tesseract.

Do not process confidential, regulated, or highly sensitive documents through external translation engines unless you have confirmed that your configuration, vendor terms, and legal basis are appropriate. Machine translation can be inaccurate and should be reviewed by a qualified human before official use.

4. How we use data

We use personal data to provide and maintain the Service; create and manage accounts; process payments, subscriptions, renewals, refunds, tax calculation, invoicing, and accounting; issue and validate licenses; operate the marketplace and distribution server; provide support and custom-development intake; moderate reviews; send transactional emails; detect, prevent, and investigate fraud, abuse, security incidents, chargebacks, and sanctions/export risks; comply with legal obligations; improve reliability, security, and product quality; and understand high-level usage of the website and marketplace.

5. Legal bases for EEA/UK users

Where the GDPR or UK GDPR applies, we rely on:

  • Performance of a contract — account access, downloads, marketplace purchases, billing, subscriptions, license issuance, support, and plugin delivery.
  • Legitimate interests — security, fraud prevention, abuse prevention, basic first-party analytics, product improvement, review moderation, support operations, and sanctions-risk management.
  • Legal obligation — tax, accounting, sanctions/export controls, and legally required records.
  • Consent — where required, such as optional marketing or non-essential cookies if we introduce them.

6. How we share data

We do not sell personal data. We share data with service providers and counterparties that help us operate the Service:

  • Stripe — payments, subscriptions, invoices, billing portal, tax calculation, tax IDs, refunds, disputes, and related compliance checks.
  • Hosting infrastructure — hosting railbase.app, the licensing/distribution server, databases, backups, and logs.
  • Transactional email provider — sending receipts, license notices, support acknowledgements, security notices, and service emails.
  • GitHub and release infrastructure — source/release synchronization, issue or development workflow, and artifact distribution where applicable.
  • Compliance data sources — sanctions-list data used to screen buyers and active subscribers.
  • Third-party translation engines — only when a self-hosted Translate plugin or a related customer configuration sends document text to those engines.

We may also disclose data to comply with law, enforce our Terms, prevent fraud or abuse, protect rights, safety, and security, or in connection with a merger, acquisition, financing, reorganization, or sale of assets.

7. International transfers

We are based in the United States and our providers may process data in the U.S. and other countries. Where required for EEA/UK data, transfers rely on appropriate safeguards such as the EU Standard Contractual Clauses or other legally recognized transfer mechanisms.

8. Retention

We keep personal data for as long as needed for the purposes described above. Account and license records are kept while your account or licenses are active and for a reasonable period afterward. Billing, tax, accounting, dispute, and compliance records may be retained for the period required by law. Support and development requests are retained while needed to handle the request and maintain business records. Analytics and download records are bounded and may be pruned or aggregated. Self-hosted deployment data is retained according to your own configuration and policies.

9. Your rights

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent. EEA/UK residents have rights under the GDPR/UK GDPR. California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of sale or sharing. We do not sell personal data and do not use cross-context behavioral advertising.

To exercise rights, contact support@railbase.app. We may need to verify your request and may retain information where required for legal, security, tax, accounting, or contractual reasons.

10. Cookies

We use necessary cookies and similar storage for authentication, security, language selection, and preferences. Our first-party analytics are cookieless and do not set tracking identifiers. See our Cookie Policy for details.

11. Security

We use reasonable technical and organizational measures, including encryption in transit, access controls, signed artifacts and license keys, hashed credentials, CSRF protections, security headers, audit logging, and restricted operator access. No method of transmission or storage is completely secure. For software you self-host, the security of that deployment, its plugins, storage, backups, and integrations is your responsibility.

12. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it where required.

13. Changes

We may update this policy. Material changes will be posted here with a new effective date and, where appropriate, notified by email. Continued use after changes take effect constitutes acceptance.

14. Contact

Silkway Tech LLC — 5830 E 2nd St, Ste 7000 #30294, Casper, WY 82609, USA · support@railbase.app