Privacy Policy

1. Data We Collect

• Account Data: When you log in via Google, Microsoft, or GitHub, we collect your email address and name to manage your account.
• Billing Data: We use Stripe for payment processing. We do not see or store your credit card details; they are handled entirely by Stripe.
• Infrastructure Data: We collect minimal logs (IP addresses and timestamps) for security monitoring and to prevent abuse.

2. Security of API Keys — The Safe-Vault Policy

We recognise the sensitivity of your LLM API keys (OpenAI, Anthropic, etc.).

• Encryption: All API keys provided by you are encrypted at the application level using AES-256-GCM before being stored in our database.
• Access: We cannot view your keys in plain text. They are decrypted only in memory during the automated deployment process of your instance.

3. Data Hosting & Location

All user instances and data backups are hosted on professional datacenter hardware located within the European Union (Germany and Finland) via Hetzner. This ensures low latency for European users and strict adherence to EU data residency standards.

4. Data Retention & Backups

• Workspaces: Your workspace data is stored on persistent volumes.
• Backups: We maintain 1 nightly automated backup and up to 3 manual snapshots, stored securely in Cloudflare R2 (S3-compatible storage).
• Deletion: When you delete an instance, all associated data and backups are permanently wiped from our servers and storage buckets.

5. Your Rights (GDPR)

If you are an EU resident, you have the right to access, correct, or delete your personal data. You may close your account at any time via the user dashboard or by contacting support@oclhosting.com.