Privacy Policy

Effective date: April 7, 2026

Corral ("we", "us", "our") respects your privacy. This policy describes what data Corral collects — which is very little — and how it is used.

1. Data We Do Not Collect

Corral does not include analytics, telemetry, or tracking of any kind. We do not collect usage statistics, crash reports, or behavioral data. Your projects, source code, configuration files, and local data never leave your device.

2. License Validation

If you have a Corral Pro subscription, the application contacts Corral's license server to validate your license. This transmits your license key and a hashed device identifier derived from your hardware UUID. The raw hardware UUID is never sent — only an irreversible SHA-256 hash. This check occurs approximately every 24 hours when your device is online. No other data is sent during this process.

3. Node.js Downloads

When you install a Node.js version through Corral, the binary is downloaded directly from nodejs.org. Corral does not proxy, intercept, or log these requests. Your interaction is directly with the Node.js project's distribution servers.

4. Payment Data

Payments for Corral Pro are processed by Paddle, our Merchant of Record. Paddle collects and processes your payment information directly. Corral never receives, processes, or stores your payment details (such as credit card numbers or billing addresses). For information on how Paddle handles your data, see Paddle's Privacy Policy.

5. License Key Delivery

When you purchase Corral Pro, a license key email is sent via Resend. Resend receives only your email address and name for delivery purposes. See Resend's Privacy Policy for details on how they handle your data.

6. Website

The Corral marketing website (corral.sh) is a static site. We do not use cookies, analytics services, or tracking scripts on our website.

7. Data Storage

All Corral data — including project configurations, installed Node.js versions, local databases, and application settings — is stored locally on your device. Corral does not operate any cloud services, remote storage, or user accounts beyond the license validation described above.

8. Children's Privacy

Corral is not directed at children under the age of 13, and we do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the effective date at the top of this page. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

10. Contact

If you have questions about this Privacy Policy, contact us at contact@corral.sh.