This Privacy Policy explains what personal data LocalCan collects, how we use it, and the rights you have. It applies to the LocalCan desktop app, the command-line tool (CLI), the website, the dashboard, and the public URL (tunnel) service.
We collect only the data we need to run the service. We do not sell or rent your personal data, and we do not show you ads or use advertising trackers. We only share data with the providers that help us operate, as described below.
The data controller for LocalCan is a sole proprietorship registered in Poland. Our full legal and contact details are in section 19.
For your account, billing, and product data, we are the data controller. We decide how that data is handled, and this policy applies to it.
For the traffic that passes through your public URLs, we act as a conduit. We relay it between the internet and your application, but we do not inspect or store its content. You control that traffic and are responsible for it. For business customers on the Teams plan, you can contact us at support@localcan.com for data processing terms covering that role.
Account and billing. When you subscribe, our payment provider Stripe collects your payment details and shares with us your name, email address, billing address, and the identifiers needed to manage your subscription and issue invoices. We do not see or store your full card number. For tax reasons we keep invoice records.
Sign-in and sessions. Dashboard sign-in uses a one-time code sent to your email, which is valid for a few minutes. When you are signed in, we store a session record that includes your IP address and browser user agent so we can keep you signed in and protect your account.
Product configuration. To run the service we store your license key, a device identifier and device name (your computer's hostname), your operating system and app version, and any custom domains and certificates you set up.
Custom domains. If you connect a custom domain, we obtain and automatically renew a TLS certificate for it from Let's Encrypt, a certificate authority. To do this we share the domain name with Let's Encrypt. Like all publicly trusted certificates, these are recorded in public Certificate Transparency logs, which means the domain name becomes publicly visible.
Teams. For team accounts we store team membership, roles (owner, admin, member), and the email addresses used for invitations.
Public URLs (tunnels). We store the tunnel URLs you create and the total amount of data transferred through them. We do not store the content of the traffic that passes through a tunnel.
Usage analytics in the app. The desktop app and CLI can send usage analytics, but only if you enable it. It is off by default. When enabled, it sends a random device identifier, app version, operating system, event names, and error reports (including error messages and stack traces) to our own servers to help us diagnose problems. It does not include your IP address or any of your traffic. We do not combine this with third-party data to identify you.
Website analytics. Our website uses Umami, a privacy-focused analytics tool that we self-host. It measures aggregate usage such as page visits, referring sites, and general visitor location and browser type. It does not use cookies, does not store data that identifies you personally, and is not used to track you across other websites.
We use your data to provide and operate LocalCan, to process payments and issue invoices, to authenticate you, to provide support, to improve the product, and to meet our legal and tax obligations.
Where the GDPR applies, we rely on the following legal bases: performance of our contract with you (to provide the service and billing), compliance with a legal obligation (tax and invoicing), our legitimate interests (to secure and improve the service, and to send product tips and updates to our customers and trial users, who can opt out at any time), and your consent (for the optional in-app usage analytics, which you can withdraw at any time).
We do not sell or rent your personal data, and we do not share it with advertising networks. We may create and use anonymized or aggregated data that does not identify you, for example overall usage statistics, to understand and improve the service.
We do not make decisions about you that have legal or similarly significant effects based solely on automated processing.
We share data with a small number of providers who process it on our behalf. For each one, we note where your data is handled.
For the providers that handle data in the United States, we rely on the safeguards described in section 10.
Your primary account data is stored in the European Union. Some of our providers process data outside the European Economic Area. Where that happens, the transfer is covered by appropriate safeguards, such as the European Commission's Standard Contractual Clauses.
The dashboard uses a single essential cookie to keep you signed in. It is required for the dashboard to work. Our website analytics are cookieless. We do not use advertising or cross-site tracking cookies.
We send transactional emails that are necessary to run your account, such as sign-in codes, billing receipts, team invitations, and subscription notices. These are required to use the service.
As a customer or trial user, you also receive product communications from us: tips on getting the most out of LocalCan, especially during your trial, and occasional product updates, for example around once a month. We send these because you have an account or trial with us, and you can opt out at any time using the unsubscribe link in any such email. Opting out does not affect the transactional emails above.
We keep your account data for as long as your account is active. We delete it on request, or after a prolonged period of inactivity. Invoice and billing records are kept for around five years to comply with Polish tax law.
Your primary account data is stored on servers in Amsterdam, in the European Union. Our edge servers run in several regions worldwide, but they are stateless and do not store your personal data.
We protect data in transit with encryption (TLS) and limit access to it. No system can be guaranteed perfectly secure, but we take reasonable measures to protect your information. If a data breach affects your data and the law requires it, we will notify you and the relevant authority.
If the GDPR applies to you, you have the right to access your data, to correct it, to have it deleted, to restrict or object to its processing, to receive a copy in a portable format, and to withdraw consent where we rely on it. To exercise any of these rights, contact us at support@localcan.com. We will respond within one month, and we may need to verify your identity before we act on your request.
You also have the right to lodge a complaint with the Polish data protection authority, the President of the Personal Data Protection Office (UODO).
LocalCan is not directed at children, and we do not knowingly collect data from anyone under 18. If you believe a child has provided us with personal data, contact us and we will delete it.
We may update this Privacy Policy from time to time. If we make material changes, we will give reasonable notice, for example by email or through the dashboard.
LocalCan is operated by, and the data controller is:
For any questions about this Privacy Policy or your data, or to exercise your rights, contact us at support@localcan.com.
Last updated: May 24, 2026