Privacy Policy
Effective date: May 29, 2026
Corral ("we", "us", "our") respects your privacy. This policy describes what data Corral collects — which is very little — and how it is used.
1. Data We Do Not Collect
Corral does not include analytics, telemetry, or tracking of any kind. We do not collect usage statistics, crash reports, or behavioral data. Your projects, source code, configuration files, and local data never leave your device.
2. License Validation
If you have a Corral Pro subscription, the application contacts Corral's license server to activate and validate your license.
When you activate a device, Corral transmits your license key, an irreversible SHA-256 hash of your hardware UUID (the raw hardware UUID is never sent), and your device name (your computer's hostname). The license server records an activation for that device — the hashed identifier, the device name, and the activation and last-validated timestamps.
Corral's license server also stores a record of your license, including your name and email address (which we receive from our payment processor, Paddle, when your purchase is processed), your subscription identifiers, and your license status. This record lets us validate seats, deliver your license key, and process renewals and refunds.
After activation, Corral re-validates approximately every 24 hours while your device is online. Re-validation transmits only your license key and the opaque activation ID assigned when the device was activated — not the device fingerprint, which is sent only at activation — and updates the last-validated timestamp. As with any internet request, your IP address is visible to the server; it is used only transiently for rate-limiting and is not stored in your license record.
3. Node.js Downloads
When you install a Node.js version through Corral, the binary is downloaded directly from nodejs.org. Corral does not proxy, intercept, or log these requests. Your interaction is directly with the Node.js project's distribution servers.
4. Payment Data
Payments for Corral Pro are processed by Paddle, our Merchant of Record. Paddle collects and processes your payment information directly. Corral never receives, processes, or stores your payment details (such as credit card numbers or billing addresses). For information on how Paddle handles your data, see Paddle's Privacy Policy.
5. License Key Delivery
When you purchase Corral Pro, a license key email is sent via Resend. Resend receives only your email address and name for delivery purposes. See Resend's Privacy Policy for details on how they handle your data.
6. Website
The Corral marketing website (corral.sh) is a static site. We do not use cookies, analytics services, or tracking scripts on our website.
7. Data Storage
All Corral data — including project configurations, installed Node.js versions, local databases, and application settings — is stored locally on your device. The only data Corral stores remotely is the license and activation information described in Section 2; we do not operate any other cloud services, remote storage, or user accounts.
8. Children's Privacy
Corral is not directed at children under the age of 13, and we do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the effective date at the top of this page. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
10. Contact
If you have questions about this Privacy Policy, contact us at [email protected].