Privacy Policy
Replic8d — FARIDSFORMULA LLC
Effective Date: April 7, 2026
Last Updated: April 7, 2026
1. Introduction
FARIDSFORMULA LLC ("we," "us," "our") operates Replic8d ("the App"). This Privacy Policy explains how we collect, use, store, and protect your information. This policy applies to all users worldwide, including those in the European Union, European Economic Area, and United Kingdom.
2. Data Controller
FARIDSFORMULA LLC is the data controller for the purposes of applicable data protection laws including the EU General Data Protection Regulation (GDPR), UK Data Protection Act 2018, and the California Consumer Privacy Act (CCPA).
Contact: farid@faridsformula.com
3. Information We Collect
3.1 Information You Provide
- Account Information: Email address, display name (when you create an account via email, Apple Sign-In, or Google Sign-In)
- Subscription Data: Purchase history, subscription status (processed by Apple, not stored by us)
- Promo Codes: Codes you redeem (stored locally on device)
- Marketplace API Keys: MakerWorld and Printables API keys you enter (stored locally on device)
- Bambu Lab Access Token: Printer authentication token (stored in device Keychain)
3.2 Information Collected Automatically
- Device Information: Device model, iOS version, available RAM, LiDAR capability
- Usage Data: Feature usage patterns, scan counts, export formats used
- Crash Reports: Diagnostic data to improve stability (via Apple's standard crash reporting)
3.3 Scan Data
- 3D Models: USDZ files generated from your scans (stored on-device)
- Raw Scan Frames: JPEG images and depth data captured during scanning (stored on-device)
- Video Frames: Temporarily processed during scanning, not retained after model generation unless you choose to save them
- Depth Data: LiDAR or ML-estimated depth maps, processed on-device
- Thumbnails: Preview images of completed scans
3.4 Cloud Render Data
- Scan Frames: When you use Cloud Render, your captured frames are transferred to a local Mac or cloud server for processing. Frames are deleted after processing is complete.
- Processed Models: The resulting USDZ model is returned to your device.
3.5 Information We Do NOT Collect
- Precise GPS location
- Contacts or address book
- Photos or videos outside of the scanning workflow
- Biometric data (Face ID / Touch ID is handled by iOS, not the App)
- Microphone or audio data
4. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
| Data | Legal Basis |
|---|---|
| Account information | Performance of contract (providing the service) |
| Subscription data | Performance of contract |
| Device/usage data | Legitimate interest (improving the app) |
| Crash reports | Legitimate interest (maintaining service stability) |
| Scan data | Performance of contract |
| Cloud render frames | Your consent (you initiate each transfer) |
5. How We Use Your Information
- Provide the Service: Process scans, generate 3D models, enable AR placement and export
- Account Management: Authenticate users, manage subscriptions, sync data
- Improve the App: Analyze aggregated usage patterns and crash reports
- Communication: Send account-related emails (verification, password reset, service updates)
- Customer Support: Respond to inquiries and resolve issues
We do NOT sell your personal information. We do NOT use your scan data for advertising, marketing, or AI training.
6. Data Storage and Retention
6.1 On-Device Storage
- Scan history, 3D models, raw frames, and thumbnails stored locally
- App preferences stored in UserDefaults
- Authentication tokens stored in device Keychain
6.2 Cloud Storage
- Firebase Authentication: Account data stored in Google Cloud (US data centers)
- Firebase Firestore: User preferences and scan metadata (when cloud sync is enabled)
- Cloud Render: Frames temporarily stored on processing server, deleted within 24 hours of completion
6.3 Data Retention
- On-device data persists until you delete it or uninstall the App
- Cloud account data retained while your account is active
- Upon account deletion, cloud data removed within 30 days
- Cloud render job data deleted within 24 hours of completion
7. Data Transfers (International)
Your data may be transferred to and processed in the United States where our servers are located. For EU/EEA/UK users, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Google's and Apple's data processing agreements which incorporate appropriate safeguards
8. Third-Party Services
| Service | Provider | Purpose | Privacy Policy |
|---|---|---|---|
| Firebase Authentication | Google | User sign-in | https://firebase.google.com/support/privacy |
| Firebase Firestore | Google | Cloud data storage | https://firebase.google.com/support/privacy |
| Apple Sign-In | Apple | Authentication | https://www.apple.com/legal/privacy/ |
| Google Sign-In | Google | Authentication | https://policies.google.com/privacy |
| StoreKit / App Store | Apple | Subscription management | https://www.apple.com/legal/privacy/ |
| CoreML (on-device) | Apple | Depth estimation | Processed locally, no data sent |
| Vision Framework (on-device) | Apple | Frame analysis | Processed locally, no data sent |
| MakerWorld | Bambu Lab | 3D model marketplace upload | User-initiated only |
| Printables | Prusa Research | 3D model marketplace upload | User-initiated only |
| Bambu Lab Cloud | Bambu Lab | Direct-to-printer | User-initiated only |
9. Data Sharing
We share your information only in these circumstances:
- With your consent: When you explicitly share/export content or upload to marketplaces
- Service providers: Third-party services listed above, under contractual obligations
- Legal requirements: When required by law, subpoena, or legal process
- Safety: To protect rights, safety, or property of users or the public
- Business transfer: In connection with a merger, acquisition, or sale of assets (with notice)
10. Your Rights
All Users
- Access: Request a copy of your personal data
- Correction: Update inaccurate information
- Deletion: Request deletion of your account and data
- Export: Download your scan data at any time via the Share function
- Opt-out: Disable optional data collection in Settings
EU/EEA/UK Residents (GDPR)
In addition to the above, you have the right to:
- Restrict Processing: Request limitation of how we process your data
- Data Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
- Lodge a Complaint: With your local data protection supervisory authority
- Not be subject to automated decision-making: We do not make automated decisions with legal effects
To exercise GDPR rights, contact: farid@faridsformula.com. We will respond within 30 days.
California Residents (CCPA/CPRA)
- Right to Know: What personal information is collected, used, and shared
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Of the sale of personal information (we do not sell data)
- Right to Non-Discrimination: For exercising your privacy rights
- Right to Correct: Inaccurate personal information
11. Children's Privacy
The App is rated 12+. We do not knowingly collect information from children under 13 (or under 16 in the EU/EEA). If we discover we have collected data from a child under the applicable age, we will delete it promptly. Parents or guardians may contact us to request deletion.
12. Cookies and Tracking
The App does not use cookies. We do not use any third-party advertising or tracking SDKs. Firebase may use device identifiers for authentication purposes only.
13. Security
We implement reasonable security measures including:
- Encrypted data transmission (TLS/SSL)
- Encrypted cloud storage (Firebase uses AES-256)
- Secure authentication protocols (OAuth 2.0, JWT)
- On-device processing for sensitive operations (scanning, depth estimation, frame analysis)
- Keychain storage for sensitive tokens
No method of transmission or storage is 100% secure. We cannot guarantee absolute security.
14. Data Protection Officer
For EU/EEA related inquiries, you may contact our data protection point of contact:
FARIDSFORMULA LLC
Attn: Data Protection
Email: farid@faridsformula.com
15. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes through the App or via email. Continued use after changes constitutes acceptance. Previous versions are available upon request.
16. Contact Us
FARIDSFORMULA LLC
Email: farid@faridsformula.com
Website: https://faridsformula.com
For privacy-specific inquiries, include "Privacy" in the subject line.
GDPR Addendum
This privacy program includes a GDPR-specific data processing addendum for users in the European Union, European Economic Area, and United Kingdom.
Data Processing Addendum (GDPR)
Replic8d — FARIDSFORMULA LLC
Effective Date: April 7, 2026
This addendum supplements the Replic8d Privacy Policy for users in the European Union, European Economic Area, and United Kingdom.
1. Data Controller
FARIDSFORMULA LLC acts as the Data Controller for personal data collected through Replic8d.
Contact: FARIDSFORMULA LLC
Email: farid@faridsformula.com
2. Data Processing Activities
| Processing Activity | Data Categories | Legal Basis | Retention |
|---|---|---|---|
| Account creation | Email, name | Contract performance | Until account deletion |
| Authentication | Email, auth tokens | Contract performance | Until account deletion |
| Subscription management | Purchase status | Contract performance | Until account deletion |
| 3D scanning | Images, depth data | Contract performance | User-controlled (on-device) |
| Cloud rendering | Scan frames | Consent (user-initiated) | Deleted within 24 hours |
| Crash reporting | Device info, stack traces | Legitimate interest | 90 days |
| Usage analytics | Aggregated feature usage | Legitimate interest | 12 months |
| Marketplace upload | Model files, metadata | Consent (user-initiated) | Per marketplace terms |
3. Sub-Processors
| Sub-Processor | Location | Purpose | Safeguards |
|---|---|---|---|
| Google LLC (Firebase) | United States | Authentication, database | SCCs, EU-US Data Privacy Framework |
| Apple Inc. | United States | Sign-In, payments, crash reports | SCCs, EU-US Data Privacy Framework |
| Bambu Lab | China/EU | Printer API (user-initiated) | User consent per transfer |
| Prusa Research | Czech Republic (EU) | Marketplace upload | Within EU |
4. Data Subject Rights
EU/EEA/UK residents may exercise the following rights by contacting farid@faridsformula.com:
1. Right of Access (Art. 15 GDPR) — Obtain confirmation of processing and a copy of your data
2. Right to Rectification (Art. 16 GDPR) — Correct inaccurate personal data
3. Right to Erasure (Art. 17 GDPR) — Request deletion ("right to be forgotten")
4. Right to Restrict Processing (Art. 18 GDPR) — Limit how we process your data
5. Right to Data Portability (Art. 20 GDPR) — Receive data in machine-readable format
6. Right to Object (Art. 21 GDPR) — Object to processing based on legitimate interests
7. Rights related to automated decision-making (Art. 22 GDPR) — We do not make automated decisions with legal effects
Response time: Within 30 days of receiving your request. May be extended by 60 days for complex requests (with notification).
Verification: We may need to verify your identity before processing requests.
5. Data Protection Impact Assessment
We have conducted a Data Protection Impact Assessment (DPIA) for the following high-risk processing:
- 3D scanning of physical objects (may inadvertently capture personal data in the environment)
- Person segmentation for frame analysis (processes biometric-adjacent data on-device only)
Mitigations:
- All scanning and frame analysis is performed on-device — no personal image data is transmitted
- Person segmentation is used solely to detect and remove frames with hands/people, not to identify individuals
- Users control all scan data and can delete it at any time
6. Data Breach Notification
In the event of a personal data breach:
- We will notify the relevant supervisory authority within 72 hours where feasible
- We will notify affected data subjects without undue delay if the breach poses a high risk
- We maintain a breach register documenting all incidents
7. International Transfers
Personal data transferred outside the EU/EEA is protected by:
- Standard Contractual Clauses (SCCs) as approved by the European Commission (Decision 2021/914)
- Adequacy decisions where applicable
- Supplementary measures as needed based on transfer impact assessments
8. Children
We do not knowingly process personal data of children under 16 in the EU/EEA. If processing of a child's data is discovered, it will be deleted immediately.
9. Supervisory Authority
EU/EEA residents have the right to lodge a complaint with their local data protection supervisory authority. A list of authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
10. Updates
This addendum will be updated to reflect changes in processing activities or applicable law. Material changes will be communicated via the App or email.