Privacy Policy
Last updated: July 16, 2026
This policy explains how ReTheme collects, uses and protects your personal information when you use the desktop app, the retheme.app website and the theme store. We collect the minimum necessary: the theme engine runs locally on your device, and we never read your code or conversations.
1. Information we collect
Account: your email address and a hashed password (we never store the plain password).
Transactions: order number, plan, amount and payment-provider receipts. Card details are handled by the payment provider and never stored by us.
Device and licensing: a device identifier used for single-device licensing and license heartbeat timestamps.
Theme usage records: to pay theme authors their revenue share, we record de-duplicated monthly usage of Pro-catalog themes by Pro users (theme, time, entitlement source).
Operational logs: API access logs for troubleshooting and abuse prevention.
2. Information we do not collect
We do not collect or upload your code, conversations or files from target applications such as Codex. Theme injection and restoration happen entirely on your machine, connecting only to the local loopback address.
3. How we use information
To provide sign-in and license verification, process orders, pay theme authors, offer support, improve the product and keep the Service secure.
We do not sell personal information and we do not serve third-party ads.
4. Cookies and local storage
The website stores a sign-in token in localStorage to keep your session. The desktop app stores preferences and license caches locally. We use no third-party tracking cookies.
5. Third-party processors
Payments are processed by third parties: domestic (China) orders through local payment providers, international orders by Paddle as Merchant of Record (subject to Paddle's privacy policy). We only receive transaction receipts.
Infrastructure providers (hosting, transactional email) process data only as needed to serve us.
6. Retention
Account data is kept while your account exists. Transaction records are kept for the minimum period required by law. After account deletion we erase or anonymize personal data, except where retention is legally required.
7. Security
We protect data with TLS in transit, hashed password storage and least-privilege access. If a security incident affects your rights, we will notify you as required by law.
8. Your rights
You may access, correct or export your personal data, or request account deletion, by emailing admin@dux.plus. We respond within 15 business days.
9. Children
The Service is intended for users with full legal capacity. Minors should use it only with a guardian's consent and guidance.
10. International transfers
Payment data for international orders is processed by Paddle where it operates. Account data is otherwise stored where our servers are located.
11. Changes and contact
Updates to this policy are posted on this page with a new date; material changes are announced separately. Privacy questions: admin@dux.plus.