Privacy Policy

reCore is an ITAD operations platform. We process the minimum data necessary to provide the Service. We do not sell your data, we do not serve ads, and we do not share your information with third parties except as described below.

Account information. When you register, we collect your organization name, contact email, and administrator name. Technician accounts are created by your administrator with a name and PIN -- we do not collect personal email addresses for technicians.

Device data. When devices are processed through reCore, the client software collects hardware specifications (serial number, manufacturer, model, CPU, RAM, storage), diagnostic test results, data wipe records, and cosmetic grades. This data is tied to your organization's account, not to individual end users.

Usage data. We collect basic usage metrics: login timestamps, operations processed, and subscription usage counts. This is used for billing and service reliability.

Payment information. Payments are processed by Stripe. We do not store credit card numbers or bank account details on our servers. See Stripe's privacy policy for details on their data handling.

We use your data to:

• Provide and operate the reCore platform
• Generate compliance certificates and audit reports
• Process billing and manage your subscription
• Send transactional emails (account confirmations, billing receipts)
• Monitor service reliability and fix issues

We do not use your device data for any purpose other than providing the Service to you. We do not train machine learning models on your data. We do not profile your processing activities for marketing purposes.

reCore is a multi-tenant platform. Every database query is filtered by your organization's tenant ID. Your device records, test results, wipe certificates, and user accounts are logically isolated from all other organizations. No other customer can access your data.

Your data is stored in PostgreSQL databases hosted on infrastructure secured with encryption at rest and in transit (TLS 1.2+). Access to production systems is restricted to authorized personnel. Authentication tokens are stored server-side and expire after inactivity.

Wipe certificates include a SHA-256 file integrity hash to detect any post-generation modifications. Audit logs are append-only and cannot be modified or deleted through the application interface.

We use the following third-party services:

• Stripe -- payment processing and subscription management
• Infrastructure provider -- server hosting (data stored in the US)

We do not use third-party analytics, advertising networks, or tracking pixels on the reCore platform or this website.

Your data is retained for as long as your account is active. If you cancel your subscription, your data remains accessible in read-only mode. Upon account deletion, we retain data for 90 days to allow retrieval, after which it is permanently deleted from all systems including backups.

Wipe certificates and compliance records may be retained longer if required by applicable regulations. We will notify you if this applies to your data.

You have the right to:

• Export your data at any time through the platform's reporting features
• Delete your account and all associated data by contacting us
• Correct inaccurate account information through your admin dashboard
• Restrict processing by cancelling your subscription (data preserved, processing stops)

For data subject requests under GDPR, CCPA, or equivalent regulations, contact us at the address below. We respond to all requests within 30 days.

The reCore dashboard uses session cookies for authentication. This website (recore.replugit.com) uses a theme preference cookie. We do not use tracking cookies, third-party cookies, or cookie-based analytics.

We may update this policy to reflect changes in how we handle data. Material changes will be communicated via email at least 30 days before they take effect. The "Last updated" date at the top of this page indicates the most recent revision.