lrok

// privacy

Privacy policy

Last updated 2026-05-09

What we collect

  • Account data — your email and name (via Clerk, our auth provider).
  • Billing data — handled by Clerk Billing on top of Stripe. We never see card numbers.
  • Tunnel state — your active subdomains, reservations, and custom domains.
  • Aggregate usage — bytes-in / bytes-out per user, in memory only. Resets on process restart. We never inspect or store your tunnel traffic content.
  • Page views — path counts on our own backend (no IPs, no user-agents, no session IDs), plus product analytics events sent to PostHog (see “Subprocessors” below).
  • Product analytics — once you sign in, we associate page views and product actions (e.g. tunnel started, reservation created) with your account so we can measure activation and improve the product. Anonymous visitors are tracked without an account identifier. Data is stored in PostHog's EU region.

What we do NOT collect or store

  • Your tunnel traffic content (request bodies, headers, payloads).
  • IP addresses of your visitors, beyond a single geo-lookup we cache.
  • We don't use Google Analytics, Plausible, or Mixpanel. Product analytics goes to PostHog (EU) for funnels and identified events, plus a self-hosted Umami instance for cookieless pageview counts — both detailed below.
  • Third-party error monitoring. No Sentry, no Bugsnag.

The request inspector

On the dashboard you can see the last 100 captured requests for each of your tunnels — method, path, status, latency, and the request/response bodies. Those captures live in the edge process memory, scoped to your account, and disappear when the tunnel closes. They are NOT persisted.

Subprocessors

  • Clerk — authentication and billing.
  • Stripe — payment processing (via Clerk).
  • Hetzner — edge hosting (Helsinki).
  • Namecheap — DNS for lrok.io.
  • Let's Encrypt — TLS certificate issuance.
  • PostHog — product analytics. EU project (eu.i.posthog.com), identified-only person profiles, no session recording. Events are routed through lrok.io/ingest (same-origin proxy) before being forwarded to PostHog.
  • Umami — self-hosted on umommy.lrok.io (same Hetzner edge as the rest of lrok). Cookieless, no cross-site identifier, no personal data. Captures path, referrer, screen size, browser, and country (geo-IP). Data never leaves our infrastructure.

Your rights

You can delete your account at any time from /dashboard. Doing so revokes all reservations, custom domains, and active tunnels, and removes your cached subscription record. Clerk owns the master account record; their data deletion controls apply (see clerk.com/privacy).

Contact

Questions about this policy: contact@lrok.io