Privacy Policy for Replento

Last updated: 4 June 2026 · Effective: 4 June 2026

This Privacy Policy explains how the Replento browser extension (“Replento”, “the extension”, “we”, “us”) handles your information. Replento is a form-autofill tool that stores the personal details you choose to save and inserts them into web forms when you explicitly ask it to.

The short version: Everything you save in Replento stays on your own device, in your browser's local storage. We do not run servers that collect, receive, or store your profile data, and we never sell it or use it for advertising. The only time information leaves your device is when you activate a paid (Pro) license, in which case your license key is sent to our payment provider to verify it.

1. Who is responsible (Data Controller)

The party responsible for data processing within the meaning of the EU General Data Protection Regulation (GDPR) is:

LH WebApps — Leon Hoscheidt
Gartenstraße 91
53721 Siegburg
Germany
Email: info@lhwebapps.com

2. What data Replento processes and where it is stored

All of the data below is stored locally on your device using your browser's built-in storage (IndexedDB and chrome.storage.local). It is not synced to a Replento server and is not transmitted to us. It remains on your device until you delete it or remove the extension.

2.1 Profile data you enter

You decide what to store. Depending on the fields you fill in, this may include:

Category	Examples
Personal	First/middle/last name, name suffix, email, phone & mobile, date & place of birth, nationality, gender, salutation, title
Address	Street, house number, postal code, city, state/province, country
Banking & payment	IBAN, BIC/SWIFT, bank name, account holder, credit-card holder name, card number, card expiry
Tax & social	Tax ID, tax number, VAT ID, social-security number (incl. US SSN), health-insurance provider & insurance number
Business	Company, job title, department, commercial-register number, registry court, website
Identity documents	National ID number, passport number, driver's-license number, document expiry dates

Some of these fields (e.g. health-insurance details) may constitute special categories of personal data under Article 9 GDPR. Replento processes such data only on your device and solely at your direction; we never receive it.

Card security codes (CVV/CVC) are never stored. By design, Replento does not save or autofill a card's security code — you enter it yourself each time.

2.2 Fill history

Replento may keep a local log of autofill events (the time a fill happened and the target site) so you can review recent activity. This history is stored locally and can be cleared by you at any time.

2.3 Settings & license information

Your extension settings, active profile selection, and — if you purchase Pro — your license key and the customer name/email returned by our payment provider during verification are stored locally so the extension can remember your Pro status.

3. Optional encryption vault

Replento offers an optional vault. When you set a vault password, your profile data is encrypted on your device using AES-256-GCM with a key derived from your password (PBKDF2-HMAC-SHA-256, 600,000 iterations). The unlocked key is held only in volatile session memory (chrome.storage.session) and is never written to disk or transmitted. We do not know and cannot recover your vault password — if you lose it, the encrypted data cannot be restored by us.

4. Data we transmit to third parties

4.1 License verification (Lemon Squeezy)

Replento Pro licenses are sold and verified through Lemon Squeezy (Lemon Squeezy, LLC, USA), which also acts as the merchant of record for the purchase. When you activate or re-validate a Pro license, Replento sends your license key to Lemon Squeezy's API (api.lemonsqueezy.com) to confirm it is valid. Re-validation occurs periodically (approximately every 7 days) while Pro is active. In response, Lemon Squeezy may return the customer name and email associated with the purchase, which Replento caches locally.

When you buy Pro, the checkout is hosted by Lemon Squeezy (store.lhwebapps.com, powered by Lemon Squeezy). Any payment and billing data you enter there is collected and processed by Lemon Squeezy under their own privacy policy — the Replento extension does not see or store your payment-card or billing details. Because Lemon Squeezy is based in the United States, this involves a transfer of the license key (and related account data held by them) outside the EU/EEA.

See Lemon Squeezy's privacy policy: https://www.lemonsqueezy.com/privacy.

4.2 No analytics or tracking

Replento contains no analytics, telemetry, advertising, or third-party tracking. We do not collect your browsing history, the contents of pages you visit, or the data you fill into forms.

5. Browser permissions and why we need them

Host access to all sites (<all_urls>) — required so Replento can detect form fields and insert your saved data on whatever site you choose to fill. Fills happen only when you explicitly trigger them (toolbar click, right-click menu, or keyboard shortcut). Replento does not read or transmit page content on its own.
Storage — to save your profiles and settings locally on your device.
Scripting / activeTab — to place your data into form fields on the current page when you trigger a fill.
Context menus, side panel, tabs, commands — to provide the right-click fill option, the side panel UI, and keyboard shortcuts.

6. Legal bases for processing (GDPR Art. 6)

Performance of a contract (Art. 6(1)(b)) — storing your profile data locally and providing the autofill function you requested; verifying your Pro license.
Legitimate interests (Art. 6(1)(f)) — protecting against license abuse and keeping the extension secure and functional.
Consent (Art. 6(1)(a), and Art. 9(2)(a) for special-category data) — you provide the data voluntarily and decide which fields to store and when to use them. You can withdraw at any time by deleting the data.

7. Data retention

Profile data, settings, and history remain on your device until you delete them within the extension or uninstall the extension (uninstalling clears the extension's local storage). License records held by Lemon Squeezy are retained by them according to their own policy.

8. Your rights

Because your profile data lives only on your device, you are in direct control of it: you can view, edit, export, or delete it at any time through the extension. In addition, under the GDPR you have the right to access, rectification, erasure, restriction, data portability, and objection regarding any personal data for which we are the controller (in practice, license-related data). To exercise these rights, contact us at info@lhwebapps.com.

You also have the right to lodge a complaint with a data-protection supervisory authority. The competent authority for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, LDI NRW).

9. Children

Replento is not directed to children and is not intended for use by individuals under the age of 16. We do not knowingly process data from children.

10. Security

Your data is stored within your browser's protected storage on your own device. For sensitive fields we recommend enabling the optional encryption vault (Section 3). No method of electronic storage is completely secure, but because we do not transmit or hold your profile data, the primary safeguard is the security of your own device and browser profile.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Last updated” date above and, where appropriate, through a notice in the extension.

12. Contact

Questions about this Privacy Policy or your data? Contact:
LH WebApps — Leon Hoscheidt · info@lhwebapps.com