Privacy Policy

Effective: May 31, 2026 · This is the initial launch version, pending legal review.

1. Data controller

The Remora application and remora.embedra.net domain are operated by Embedra Teknoloji Hizmetleri Ticaret ve Sanayi Anonim Şirketi ("Embedra", "Remora", "we"), registered at Adatepe Mah. Doğuş Cad. No: 207Z İç Kapı No: 1, Buca / İzmir (MERSIS 0334130384100001). For any privacy inquiries: remora-privacy@embedra.net.

2. What we collect

Remora is P2P — your screen, keyboard/mouse input, and transferred files do not touch our servers. Two machines establish an end-to-end encrypted (WebRTC DTLS) direct connection.

Beyond that, we collect the following minimum data:

• Signaling data: 10-digit Host ID, peer ID (UUID), IP address, connection timestamps. The 6-digit PIN never leaves your machine — the viewer hashes it locally with Argon2 and the host verifies; the server only relays the resulting PHC string. Signaling logs are purged automatically after 30 days.
• Telemetry / crash reports (optional): If the app crashes, anonymous crash reports may be sent via Sentry. You can disable this in settings.
• Analytics: Website traffic uses Vercel Web Analytics — no cookies, no personal identifiers, GDPR compliant.
• Account (optional): If you register, we store your email address and (if you use Google OAuth) your profile name.

3. How we use the data

• To operate the service (peer matchmaking).
• To prevent abuse (IP rate limiting).
• To improve the product (crash reports, usage metrics).
• If you have an account: to secure it and send notifications you requested.

We do not sell your data or share it with third parties for marketing.

4. Retention

• Signaling logs: automatically deleted after 30 days.
• Crash reports: 90 days.
• Account data: retained until you cancel; deleted within 30 days after cancellation.
• Payment records: 10 years, per applicable tax law.

5. Third-party services

• Google Cloud Platform (signaling server hosting, europe-west3).
• Vercel (website hosting and web analytics, EU region).
• Supabase (user account database, EU region).
• Sentry (crash reports, optional).
• Merchant of Record payment partner (seller of record & payment processing, for paid subscribers only). The partner — named at checkout and on your receipt — handles card/billing data; full card numbers never reach our servers.

6. Your rights (GDPR & KVKK)

You have the right to (a) access, (b) rectify, (c) erase, (d) restrict processing, (e) data portability, and (f) object regarding your personal data. To exercise any of these, email remora-privacy@embedra.net — we respond within 30 days.

7. Cookies

Our website uses only essential cookies (language preference, session). No tracking or marketing cookies.

8. Policy changes

If this policy changes, we'll notify you (email if you have an account, or a banner on the website for at least 14 days if not).