Privacy policy

Last updated: July 2026

What we store

For each account we keep:
  • Your email and display name from the OAuth provider you signed in with — used to identify your account.
  • OAuth access tokens for any git provider you link (encrypted at rest), used only to clone your repos. Revoke any time from the provider's connected apps page (e.g. github.com/settings/applications).
  • Apps you deploy: name, repo URL, last deployment status, build logs, container ID, host port.

What we don't store

  • Source code from your repositories. Builds happen on a worker, the build directory is wiped after each job.
  • Anything from inside your running container — we don't read live container traffic.

Authentication

Sign-in is OAuth-only (Google or any linked git provider). The control plane verifies the OAuth callback, then issues an HTTP-only session cookie scoped to this domain. Sessions can be revoked at any time from Settings → Security.

Workers

Each worker runs your deployments inside an isolated container with a locked-down security profile and resource caps (CPU, memory, disk, PIDs, bandwidth). Workers never receive your access tokens beyond the single repo URL needed for the current deployment.

Data deletion

Delete an app from the dashboard and it's gone — container, image, DB row. To wipe your account entirely, disconnect GitHub from Settings and contact support.

Contact

Privacy questions: open the Support link in the footer or in Settings.

Deplexo privacy