1. Introduction
HowToDeploy ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use howtodeploy ("Service") at howtodeploy.app.
2. Information We Collect
We collect the following types of information:
- Account information — Name, email address, and profile picture provided by your OAuth provider (GitHub, Google) during sign-in.
- Cloud provider API keys — API keys you provide to connect your cloud provider accounts. These are encrypted at rest using AES-256 encryption and only decrypted in memory when performing deployment actions.
- Deployment data — Configuration values, deployment status, server IPs, and provisioning logs associated with your deployments.
- Billing information — Subscription status and PayPal transaction IDs. We do not store your PayPal payment details — PayPal handles all payment processing.
- Usage data — Pages visited, features used, and general usage patterns to improve the Service.
3. How We Use Your Information
- To provision and manage deployments on your cloud provider accounts
- To authenticate you and maintain your session
- To process subscription payments via PayPal
- To send transactional emails (deployment status, billing alerts, SSL expiry warnings)
- To improve the Service and fix bugs
- To respond to support requests
4. Data Storage and Security
We take security seriously:
- Cloud provider API keys are encrypted at rest before storage and only decrypted server-side when needed
- SSH private keys generated for deployments are encrypted and never logged, sent to the client, or written to disk unencrypted
- All data is stored in a PostgreSQL database with access restricted to authorized services
- We use HTTPS for all data in transit
- Secrets are never exposed in client-side code or deployment logs
5. Third-Party Services
We use the following third-party services:
- Cloud providers (DigitalOcean, Hetzner, Vultr, Linode, AWS) — infrastructure provisioning in your accounts
- PayPal — subscription billing and payment processing
- OAuth providers (GitHub, Google) — authentication via Better Auth
- Resend — transactional email delivery
Each third-party service has its own privacy policy. We encourage you to review them.
6. Data Retention
We retain your account data for as long as your account is active. Deployment data (logs, configuration) is retained for 90 days after a deployment is deleted. When you delete your account, all associated data is permanently removed within 30 days.
7. Your Rights
You have the right to:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate data
- Deletion — Request deletion of your account and associated data
- Export — Request an export of your data in a portable format
To exercise any of these rights, contact us at support@howtodeploy.app.
8. Cookies
We use essential cookies for authentication and session management. We do not use third-party tracking cookies or sell your data to advertisers.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on the Service. The "Last updated" date at the top reflects the most recent revision.