Railbase

Privacy Policy

Effective date: 5 June 2026

This Privacy Policy explains how Silkway Tech LLC, a Wyoming limited liability company ("we", "us"), operator of Railbase and the website at railbase.app (the "Service"), collects, uses, and shares personal data. Mailing address: 5830 E 2nd St, Ste 7000 #30294, Casper, WY 82609, USA. Contact: privacy@railbase.app.

Scope. This policy covers the website, the plugin marketplace, account, billing, and the licensing/distribution server we operate. It does not cover data inside the software you self-host on your own servers — for that deployment, you are the data controller and responsible for your end users' data.

1. Data we collect

  • Account data — the email address you register, and authentication data (hashed passwords / session tokens, optional 2FA).
  • Billing data — processed by our payment processor Stripe. We receive limited information such as the last four digits of your card, card brand, billing country, and subscription status. We do not store full card numbers.
  • License & order data — plugins purchased, seats/roles, license keys issued, version/download records, and validation requests made by your deployment to the licensing server (which may include your server's IP address and a deployment/license identifier).
  • Support data — messages, inquiries, and attachments you send us.
  • Technical/usage data — IP address, browser/user-agent, pages viewed, and server logs, collected to operate and secure the Service. Our page-view analytics are first-party and cookieless: we store a salted hash of your IP address (to count unique visitors), your country, the page, the referring site, and time on page — never your raw IP address, and we do not share this with third-party analytics providers.
  • Cookies — a session cookie for sign-in and minimal preferences (for example, light/dark theme). See Section 8.

We do not intentionally collect special-category data, and we ask that you not send it to us.

2. How we use data

We use personal data to: provide and maintain the Service; create and manage accounts; process payments, subscriptions, renewals, and refunds; issue and validate license keys; provide support; send transactional emails (receipts, license/renewal notices, security and service messages); detect, prevent, and investigate fraud and abuse; comply with legal obligations (including tax and accounting); and improve the Service.

3. Legal bases (EEA/UK users)

Where the GDPR/UK GDPR applies, we rely on: performance of a contract (providing the Service, billing, licensing); legitimate interests (securing the Service, preventing fraud, basic analytics); legal obligation (tax/accounting records); and consent (where required, e.g., certain cookies or marketing — which you can withdraw at any time).

4. How we share data — sub-processors

We do not sell personal data. We share it with service providers that help us run the Service, under contracts requiring appropriate protection:

  • Stripe — payments, subscriptions, and billing (USA / global).
  • Contabo — hosting of the website and licensing server (EU / Germany).
  • Transactional email provider (SMTP) — sending receipts, license, and service emails.

We may also disclose data to comply with law, enforce our Terms, or protect rights, safety, and security, and in connection with a merger, acquisition, or sale of assets.

5. International transfers

We are based in the United States and our providers may process data in the U.S. and other countries. Where required (e.g., for EEA/UK data), transfers rely on appropriate safeguards such as the EU Standard Contractual Clauses. By using the Service, you understand your data may be processed in the U.S.

6. Retention

We keep personal data for as long as your account is active and as needed to provide the Service, then for the period required to meet legal, tax, and accounting obligations (billing and tax records are typically retained for several years), after which we delete or anonymize it.

7. Your rights

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent. EEA/UK residents have rights under the GDPR; California residents have rights under the CCPA/CPRA (including the right to know, delete, correct, and opt out of "sale"/"sharing" — we do not sell personal data). To exercise rights, contact privacy@railbase.app. We will respond as required by law. You may also lodge a complaint with your local data protection authority.

8. Cookies

We use a small number of cookies/local-storage entries that are strictly necessary for sign-in, security, and remembering preferences (such as your theme choice). Our usage analytics use no cookies and set no tracking identifiers, so no analytics-cookie consent is required. If we add non-essential/analytics cookies, we will request consent where required and update this policy.

9. Security

We use reasonable technical and organizational measures (encryption in transit, access controls, signed license keys, hashed credentials). No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. For software you self-host, the security of that deployment is your responsibility.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.

11. Changes

We may update this policy. Material changes will be posted here with a new effective date and, where appropriate, notified by email. Continued use after changes take effect constitutes acceptance.

12. Contact

Silkway Tech LLC — 5830 E 2nd St, Ste 7000 #30294, Casper, WY 82609, USA · privacy@railbase.app