Security
Last updated: January 19, 2026
Architecture
All infra is provisioned/managed by Heroku (in US-based AWS regions), and uses their HA failover. Data is encrypted at rest using AES-256 and in transit using TLS 1.2+. The tool is ephemeral, and wipes data older than 3 months.
Automated Dependency Scanning
The codebase is continuously scanned using GitHub Dependabot to patch vulnerable libraries. Critical vulnerabilities are patched within 7 days of public disclosure.
Cookie Policy
This site uses a session ID cookie to track which difficulty you selected. No marketing cookies or analytics JS plugins of any kind.
Database Backups
Heroku Postgres maintains rolling database backups, and prunes old snapshots automatically over time. Backups can be restored in minutes, and are captured at least once every 24 hours.
Subprocessors
All vendors are GDPR compliant, offer Standard Contractual Clauses (SCCs), and underwent security review prior to onboarding. This is the complete list. No additional tools (e.g., Google Analytics) are used beyond those listed here.
Amazon S3
Stores immutable, append-only audits for admin actions (e.g., data removal) with AES-256 at rest.
Datadog
Used for infrastructure telemetry and monitoring (e.g., CPU, memory, service health).
Heroku
Used for application infra and encrypted storage. All workloads run in isolated containers with TLS 1.2+ enforced, and AES-256 encryption at rest. Includes managed Heroku Postgres + Redis instances.
OpenAI
OpenAI's API powers the real-time content generation for the chat. None of your data is persisted by OpenAI. None of it is used to train their models. The prompting is ephemeral.
PagerDuty
Used for incident alerting and on-call scheduling. May store system-level alerts with metadata (e.g., timestamps, service names). No user-submitted content.
Papertrail
Used for infrastructure log aggregation and retention. Some logs may include metadata related to coaching email delivery (e.g. timestamps, team IDs).
Sentry
Used for internal error tracking and debugging. Some error logs may include technical metadata (e.g., error messages, timestamps, team IDs).