Privacy Policy

Last updated: April 8, 2026

Glinr is a deployment platform. You push code, we run it. This policy covers what data we collect, why, and how we keep it safe. We wrote it in plain language.

Information We Collect

We collect only what we need to run the platform and nothing more.

  • Account information — your name, email address, and password (hashed with bcrypt) when you sign up.
  • Usage data — deployments you create, services you run, build logs, and runtime metrics (CPU, memory, request counts). These are needed to operate and display your dashboard.
  • Environment variables — secrets you store for your deployments. These are encrypted at rest using AES-256 and never logged or exposed in plaintext.
  • Payment information — billing details handled entirely by Stripe. We store only the last four digits of your card and your subscription status. We never see or store your full card number.
  • Technical data — IP address, browser type, and approximate location for security monitoring and fraud prevention.

If you use the open-source Glinr agent on your own VPS (Connected Cloud), the agent communicates with our API to report metrics and receive deployment instructions. The agent does not send your application source code or environment variables to us — those stay on your server.

How We Use Your Data

  • To provision and manage your deployments on Glinr infrastructure.
  • To display build logs, metrics, and service status in your dashboard.
  • To process subscription payments and send billing receipts.
  • To send transactional emails — deployment alerts, downtime notifications, and account security emails. We do not send marketing emails without your explicit opt-in.
  • To detect abuse, enforce rate limits, and protect platform security.
  • To improve the platform — aggregated, anonymized usage patterns help us prioritize features. We do not use your data to train AI models.

We don't sell your data, use it for ads, or share it with anyone not listed in this policy.

Data Storage & Security

Glinr infrastructure runs on Hetzner (EU, Germany) and Microsoft Azure (US). Your data may be stored in either region depending on your plan and configuration. We are transparent about this: Glinr Cloud on Hetzner infrastructure is subject to German data protection law (BDSG) and the GDPR. Deployments on Azure US are subject to US data handling practices.

  • All data in transit is encrypted with TLS 1.3.
  • Environment variables are encrypted at rest with AES-256.
  • Authentication uses httpOnly cookies — auth tokens are never accessible to JavaScript, which protects against XSS-based token theft.
  • Passwords are hashed with bcrypt and never stored in plaintext.
  • User containers are network-isolated with separate Docker networks per account.
  • We conduct periodic security reviews and patch dependencies promptly.

Third-Party Services

We use a small number of third-party services to operate Glinr:

  • Stripe— payment processing. Stripe’s privacy policy governs how they handle payment data.
  • Hetzner — cloud infrastructure provider (EU). Data hosted on Hetzner is processed under the GDPR.
  • Microsoft Azure — cloud infrastructure provider (US). Used for US-region deployments.
  • KavachOS — authentication infrastructure. Handles session management and token issuance.

We do not use Google Analytics, Meta Pixel, or any third-party advertising trackers.

Cookies

We use cookies only for what is strictly necessary to operate the service:

  • Session cookie — an httpOnly, Secure cookie that keeps you logged in. It expires when you sign out or after 30 days of inactivity.
  • CSRF token — protects form submissions from cross-site request forgery attacks.

We do not use tracking cookies, advertising cookies, or analytics cookies. There is no cookie banner because there is nothing to consent to beyond what is essential for the service to function.

Data Retention

  • Build logs — retained for 30 days on the free plan, 90 days on paid plans.
  • Runtime metrics — 7-day rolling window on the free plan, 30-day on paid plans.
  • Account data — retained for the lifetime of your account. If you delete your account, your data is purged within 30 days, except where we are legally required to retain billing records (typically 7 years for financial records under EU law).
  • Environment variables — deleted immediately when you remove a service or delete your account.

Your Rights

If you are in the EU or UK, you have the following rights under the GDPR:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure— request deletion of your data (“right to be forgotten”), subject to legal retention requirements.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Restriction — ask us to limit processing in certain circumstances.

To exercise any of these rights, email us at [email protected]. We respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

Children’s Privacy

Glinr is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal information, contact us at [email protected] and we will delete it promptly.

Changes to This Policy

If we make material changes to this policy, we will notify you by email at least 14 days before the changes take effect. Minor clarifications (fixing typos, improving readability) may be made without notice. The “last updated” date at the top of this page always reflects the current version.

Contact

Questions about this policy or how we handle your data? Reach us at:

Terms of ServiceBack to home