Privacy Policy

Last updated: May 9, 2026

This Privacy Policy explains how DeployPages ("DeployPages", "we", "us", or "our") handles personal data when you visit our website, create an account, upload and deploy projects, connect domains, use product features, or contact us.

This policy is written for an international audience. Your rights may vary depending on where you live, including under laws such as the GDPR, UK GDPR, CCPA/CPRA, and similar privacy laws.

1. Personal data we collect

We collect personal data in the following categories.

Account and profile data

When you create or use an account, we may collect:

  • Email address
  • Name, avatar, or profile metadata provided by an authentication provider
  • User ID, workspace membership, role, and project ownership records
  • Login, session, and security events

Deployment and project data

When you upload or publish a project, we process:

  • Project names, deployment IDs, workspace IDs, and related metadata
  • Uploaded static files, manifests, file hashes, object sizes, and asset paths
  • Deployment status, publish jobs, runtime snapshots, and domain routing records
  • Default project URLs and custom domain configuration

You are responsible for the files and content you upload. Do not upload personal data or confidential content unless you have the right to do so and understand that published deployments may be publicly accessible.

Anonymous deployment data

DeployPages lets visitors upload and publish temporary projects before signing in. For anonymous deployments, we may process:

  • A pseudonymous anonymous client ID stored in an HTTP-only cookie
  • Temporary upload sessions and staged upload metadata
  • Project, deployment, and default domain records for the temporary workspace
  • Hashed request IP data used for abuse prevention and rate limiting

Anonymous deployment projects are temporary. They are currently designed to expire after 24 hours unless claimed by a signed-in user before expiration. Browser-local anonymous history is only a convenience record and is not the system source of truth.

Billing data

If you purchase a paid plan, billing is handled by our payment or merchant-of-record provider. We may receive and store billing-related records such as:

  • Plan, subscription status, billing interval, renewal, cancellation, and entitlement state
  • Provider customer, checkout, invoice, subscription, or transaction identifiers
  • Billing event logs needed to reconcile access and support billing issues

We do not store full payment card numbers.

Domain, security, and operational data

To operate and secure the service, we may process:

  • IP addresses or hashed IP values
  • User agent strings, request timestamps, route and referrer metadata
  • DNS, domain, certificate, cache, and edge delivery events
  • Error logs, abuse signals, rate-limit events, and security audit records
  • Aggregated performance, traffic, and analytics data

Support and communications

If you contact us, we may collect your email address, message content, attachments, and related support history.

2. How we use personal data

We use personal data to:

  • Provide, operate, and maintain DeployPages
  • Create accounts, authenticate users, and secure sessions
  • Prepare, upload, publish, serve, update, claim, and delete deployments
  • Manage workspaces, projects, domains, certificates, analytics, and settings
  • Process subscriptions, billing events, invoices, plan limits, and entitlements
  • Provide customer support and respond to requests
  • Detect, prevent, and investigate abuse, fraud, spam, malware, phishing, security incidents, and service misuse
  • Debug errors, improve performance, and develop product features
  • Comply with legal obligations and enforce our Terms of Service

3. Legal bases for processing

Where laws such as the GDPR or UK GDPR apply, we rely on one or more of the following legal bases:

  • Contract: to provide the service you requested, including accounts, deployments, domains, and paid plans.
  • Legitimate interests: to secure the service, prevent abuse, troubleshoot issues, improve reliability, and communicate about the product.
  • Consent: where required for optional cookies, marketing communications, or similar optional processing.
  • Legal obligation: where we must keep records, respond to lawful requests, or comply with applicable law.

4. How we share personal data

We do not disclose personal data to third parties in exchange for money. If applicable law treats any future disclosure as a "sale" or "sharing" of personal data, we will provide the notices and choices required by that law. We may share personal data with:

  • Infrastructure providers that host, store, route, cache, or deliver the service and deployed sites
  • Authentication, database, payment, billing, email, analytics, monitoring, and support providers
  • Professional advisers, auditors, or legal representatives
  • Authorities or third parties when required by law, legal process, or to protect rights, safety, security, or service integrity
  • A successor entity in connection with a merger, acquisition, financing, reorganization, or sale of assets

Service providers are permitted to process personal data only as needed to provide services to DeployPages or as otherwise allowed by applicable law.

5. International transfers

DeployPages is built on cloud infrastructure and may process data in countries other than your own. When required by law, we use appropriate safeguards for international transfers, such as contractual protections or provider transfer mechanisms.

6. Retention

We keep personal data only for as long as reasonably needed for the purposes described in this policy, including to provide the service, comply with law, resolve disputes, enforce agreements, and maintain security.

Retention periods vary by data type:

  • Account and workspace records are kept while the account or workspace remains active, and for a reasonable period after deletion when needed for legal, billing, security, or backup purposes.
  • Anonymous deployment projects are currently designed to expire after 24 hours unless claimed.
  • Upload sessions and staging objects are short-lived and may be deleted or marked expired after their validity window ends.
  • Billing, tax, audit, and transaction records may be kept for the period required by law or legitimate business needs.
  • Security, access, abuse-prevention, and operational logs may be kept for a limited period based on the risk and operational purpose.
  • Aggregated or de-identified analytics may be kept longer because it no longer identifies a specific person.

7. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal data, including encrypted transport, access controls, production access restrictions, and separation between the control plane and public delivery path.

No system is completely secure. You are responsible for keeping your account credentials safe, managing your team access, and avoiding uploads that expose secrets, private keys, tokens, or confidential information.

8. Your choices and rights

Depending on your location, you may have rights to:

  • Access personal data we hold about you
  • Correct inaccurate data
  • Delete certain data
  • Export or receive a copy of certain data
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent
  • Appeal or complain to a privacy regulator

To exercise rights, contact us at support@deploypages.com. We may need to verify your identity before responding.

You can also manage some data directly in the product, such as projects, deployments, domains, workspace settings, and account settings where available.

9. Cookies and browser storage

We use cookies and browser storage for authentication, locale preferences, anonymous deployment continuity, security, and product functionality. See our Cookie Policy for more detail.

10. Children

DeployPages is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided personal data to us, contact us and we will take appropriate action.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date shows when the current version took effect. If we make material changes, we may provide notice through the website, product, email, or another reasonable method.

12. Contact

If you have questions about this Privacy Policy or want to exercise privacy rights, contact support@deploypages.com.