At CupaDev, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our deployment platform.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, company name, billing information
- Authentication Data: OAuth tokens for GitHub, GitLab, Bitbucket
- Payment Information: Credit card details (processed by Stripe, not stored by us)
- Support Communications: Messages you send to our support team
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on the Service
- Device Information: IP address, browser type, operating system
- Cookies: Session cookies, preference cookies, analytics cookies
- Log Data: API requests, errors, performance metrics
1.3 Information from Your Applications
- Source Code: Code repositories you deploy (stored temporarily during builds)
- Environment Variables: Configuration data you provide (encrypted at rest)
- Build Logs: Deployment logs and error messages
- Application Metrics: Performance data, request logs, error rates
2. How We Use Your Information
We use the collected information for:
- Service Provision: To provide, maintain, and improve the Service
- Account Management: To create and manage your account
- Billing: To process payments and send invoices
- Communication: To send service updates, security alerts, and support messages
- Analytics: To understand usage patterns and improve features
- Security: To detect and prevent fraud, abuse, and security incidents
- Legal Compliance: To comply with legal obligations and enforce our Terms
3. How We Share Your Information
We do not sell your personal information. We share information only in these circumstances:
3.1 Service Providers
We share data with trusted third parties who help us operate the Service:
- Payment Processing: Stripe (for payment processing)
- Infrastructure: OVH (for hosting and infrastructure)
- Analytics: Privacy-focused analytics providers
- Email: Email service providers for transactional emails
3.2 Legal Requirements
We may disclose information if required by law or in response to:
- Legal processes (subpoenas, court orders)
- Government requests
- Protection of our rights and safety
- Investigation of fraud or security issues
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
4. Data Storage and Security
4.1 Data Location
Your data is stored in secure data centers operated by OVH in France and the European Union. We comply with GDPR and EU data protection regulations.
4.2 Security Measures
We implement industry-standard security measures:
- Encryption in transit (TLS/SSL)
- Encryption at rest for sensitive data
- Regular security audits and penetration testing
- Access controls and authentication
- Automated backups
- DDoS protection
4.3 Data Retention
We retain your data for as long as your account is active and for a reasonable period after:
- Account Data: Retained until account deletion + 30 days
- Build Logs: Retained for 90 days
- Billing Records: Retained for 7 years (legal requirement)
- Backups: Retained for 30 days
5. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Request limited processing of your data
- Right to Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing of your data
- Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, contact us at privacy@cupadev.com
6. Cookies
We use cookies and similar technologies:
- Essential Cookies: Required for authentication and basic functionality
- Analytics Cookies: To understand how you use the Service
- Preference Cookies: To remember your settings
You can control cookies through your browser settings. Note that disabling cookies may affect functionality. For more information, see our Cookie Policy.
7. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing any information.
8. Children's Privacy
The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
9. International Data Transfers
While we primarily store data in the EU, some service providers may be located outside the EU. In such cases, we ensure appropriate safeguards are in place (Standard Contractual Clauses, Privacy Shield, etc.).
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.
11. Data Protection Officer
For data protection inquiries or to exercise your GDPR rights, contact our Data Protection Officer:
Email: privacy@cupadev.com
Address: [To be filled with company address]