Privacy Policy

DeploysApp ("we", "us", "our") operates the cloud hosting platform at deploysapp.com, including the dashboard, API, and related services. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services.

By creating an account or using our services, you agree to the practices described in this policy.

Account information:

• Email address (required for registration)
• Password (stored as a bcrypt hash — we never store plain-text passwords)
• Display name (optional)
• Connected OAuth accounts (GitHub, Google — we store only the provider ID and profile name)

Service and deployment data:

• Project and service configuration (names, environment variables, build settings)
• Build and deployment logs
• Custom domain configurations
• Email domain and mailbox configurations
• DNS zone records (if using our DNS management)

Technical data collected automatically:

• IP address (for security, rate limiting, and session management)
• Browser user agent (stored with sessions for device identification)
• Timestamps of login, API usage, and deployments

Billing data:

• Billing plan selection and subscription status
• Payment processing is handled entirely by Stripe — we do not store credit card numbers or payment details on our servers

• To provide and maintain our hosting platform services
• To authenticate your identity and manage sessions
• To send transactional emails (account verification, password resets, deployment notifications, billing alerts)
• To process payments through Stripe
• To detect and prevent abuse, fraud, and security threats
• To enforce our Terms of Service and resource limits
• To improve our services based on aggregate, anonymized usage patterns

We do not sell, rent, or share your personal data with third parties for marketing purposes.

• Passwords are hashed with bcrypt (irreversible)
• DKIM private keys are encrypted with AES-256-GCM before database storage
• All connections use HTTPS/TLS encryption in transit
• Authentication cookies are HttpOnly and Secure, preventing client-side access
• Sessions are managed server-side with automatic expiration (max 5 concurrent sessions per user)
• User containers are network-isolated from platform infrastructure
• Environment variables and secrets are stored encrypted and accessible only to their respective services

We use the following third-party services that may process your data:

We send the following types of emails to registered users:

• Account verification — email address confirmation during registration (required)
• Password reset — when you request a password reset (required)
• Deployment notifications — build success/failure alerts for your services
• Billing alerts — payment confirmations, plan changes, and invoices
• Security alerts — unusual login activity or account changes

All emails are transactional — they are necessary for the operation of your account and the services you use. We do not send marketing or promotional emails. We do not share your email address with third parties for marketing purposes.

Email delivery is processed through Amazon Simple Email Service (SES) and our self-hosted mail infrastructure. Bounce and complaint notifications are monitored automatically — hard-bounced addresses are permanently suppressed, and complaint addresses are immediately removed from future communications.

You can stop receiving all emails by deleting your account.

We use cookies strictly for essential platform functionality. We do not use any analytics, advertising, or tracking cookies.

All authentication cookies are set as HttpOnly (inaccessible to JavaScript) and Secure (transmitted only over HTTPS) with SameSite=Lax protection against cross-site request forgery.

We do not use localStorage, sessionStorage, or any other client-side storage mechanisms beyond the cookies listed above.

• Account data is retained for as long as your account is active
• Build logs are retained for up to 30 days after a deployment
• Authentication sessions expire automatically (7 or 30 days)
• When you delete your account, all associated data (projects, services, domains, mailboxes, logs) is permanently deleted

If you are located in the European Economic Area, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your account and all associated data
• Data portability — request an export of your data in a machine-readable format
• Restriction — request that we limit processing of your data
• Objection — object to processing of your data

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised.

Your data is stored on servers located at 2131 Göd, Pesti út 104., Hungary (European Union). All data processing occurs within the EU. We do not transfer personal data outside the European Economic Area except through third-party processors listed in Section 5, which maintain adequate data protection standards (e.g., Standard Contractual Clauses).

If you have questions about this Privacy Policy or our data practices, contact us at:

• Company: Miszterek Fix Kft.
• Registered seat: 2600 Vác, Dózsa György út 68. 2a, Hungary
• VAT: 27810929-2-13
• Email: [email protected]
• Website: deploysapp.com