Privacy Policy
Intrect builds audio plug-ins (de-artifact, de-leak-rt) and a related licensing service. This policy explains what personal data we collect when you visit intrect.io, install one of our plug-ins, or purchase a license — and what we do with it.
Operator. This service is operated by INTRECT (business registration number 107-36-71163), based at 서울 중구 충무로 5길 2, Seoul, Republic of Korea. For privacy questions write to contact@intrect.io.
1. What we collect
When you buy a license (Paddle)
Payments are processed by Paddle.com Market Limited as our Merchant of Record. They collect your name, email, billing address, country, IP, and card details to charge the order, calculate tax, and comply with anti-fraud regulation. We receive a subset of this from Paddle webhooks: order ID, plugin purchased, billing email, country code, and the Paddle customer ID. We never see your card number. Paddle's own privacy notice: paddle.com/legal/privacy.
When you activate a plug-in
The plug-in talks to license.intrect.io with three pieces of data:
- The license key we emailed you after purchase.
- A 32-character machine fingerprint derived from your hardware (macOS IOPlatformUUID, Linux machine-id, or Windows wmic UUID + hostname, hashed with SHA-256). This is not your IP address.
- The plug-in name being activated (e.g.
de-artifact).
We store this in a Cloudflare D1 database to track which seats are active, enforce the per-license seat limit, and re-issue blobs when they expire. The fingerprint cannot be reversed back to your hardware ID.
When you download an installer
The download server (downloads.intrect.io) writes one row per request to a separate analytics
database. The row contains: timestamp, the file path, request method, HTTP status, bytes streamed, country,
Cloudflare colo code, browser User-Agent, Referer, and a salted, truncated hash of your IP.
The salt rotates daily, so cross-day visitor correlation is not possible from the stored data alone. Raw
rows are deleted after 30 days; only daily aggregates (counts per file, country, etc.) are kept long-term.
When you visit the website
We use Cloudflare for hosting, DNS, and CDN — Cloudflare logs request metadata for security and abuse mitigation. We use Google Tag Manager on the homepage to load a site-traffic counter; if/when GA is enabled it will use first-party cookies and IP truncation. We use Cloudflare Turnstile on the download interstitial to block bot scraping; Turnstile reads limited browser environment information and does not track you across sites.
When you email us
Outbound transactional email (license keys, password resets, etc.) is sent through Resend. Inbound mail to contact@intrect.io is read by the operator. We do not run a mailing list at this time.
2. Why we hold it
- License delivery + seat enforcement — without the email and machine fingerprint we cannot tell whose license a request belongs to.
- Refunds + tax compliance — Paddle requires the order metadata for the statutory retention period in the buyer's country.
- Service operation + abuse mitigation — request logs let us detect mass scraping or license abuse.
- Legitimate interest in product improvement — aggregate download counts tell us which installer builds are actually used.
3. Who else sees it
- Paddle — payment processing.
- Cloudflare — hosting (Workers, R2, D1, Pages), DNS, and bot protection.
- Resend — outbound email.
- Google — Tag Manager / Analytics on the public site only (not in the plug-in or on
license.intrect.io).
We do not sell or rent personal data to third parties.
4. How long we keep it
- License records and Paddle order metadata: as long as the license is active, plus the period required for refunds and tax (typically 5–10 years depending on jurisdiction).
- Raw download analytics events: 30 days, then deleted.
- Daily aggregates derived from those events: indefinitely (no personal data, only counts and country codes).
- Email correspondence: until the matter is resolved, plus a reasonable archival period.
5. Your rights
Depending on where you live (GDPR / Korea PIPA / CCPA / etc.) you can ask us to:
- Confirm what data we hold about you and supply a copy.
- Correct anything that's wrong.
- Delete your data — subject to retention obligations from Paddle and tax law.
- Stop processing for a particular purpose (e.g. analytics).
Email contact@intrect.io with the request. We respond within 30 days and will not charge a fee for reasonable requests.
6. Children
Intrect is sold to professional musicians and audio engineers; we do not knowingly collect data from anyone under 14. If you believe a minor's data has reached us, write to us and we'll delete it.
7. Cookies
The marketing site (intrect.io) uses cookies set by Cloudflare (security) and Google Tag
Manager (anonymous traffic measurement). The download server uses no cookies. The licensing API and the
plug-in itself use no cookies.
8. Changes to this policy
Material changes will be announced on the homepage and dated at the top of this document. The Last updated field is authoritative.
See also Terms of Service.