Privacy Policy

When you create an account, we store your name, email address, and profile image from your authentication provider (GitHub or Google). If you sign up with email and password, we store a hashed version of your password — never the plaintext.

When you use the platform, we store the workspaces, services, databases, and configurations you create. We also store deployment logs, query history, and activity logs to provide functionality within the dashboard.

We collect basic usage data — page views, feature usage, and error reports — to understand how the product is used and where it breaks. We do not use third-party analytics trackers.

We do not read, scan, or analyze the source code you deploy through Bunzed. Your repositories are cloned during the build process and discarded after the container image is created.

We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not build advertising profiles. We do not track you across other websites.

Your account information is used to authenticate you and display your profile within the app. Your workspace data is used to provide the services you’ve configured — deployments, databases, metrics, and team collaboration.

Usage data is used internally to fix bugs, improve performance, and prioritize features. We may use aggregated, anonymized statistics (e.g., total number of deployments) in public communications, but never individual data.

Bunzed is designed to run on your own infrastructure. When self-hosted, your application data, databases, and deployed services live entirely on your servers. The only data that leaves your infrastructure is authentication requests to your configured OAuth provider and, if you use Stripe billing, payment-related API calls to Stripe.

We do not have access to your self-hosted instance, its data, or its traffic unless you explicitly grant us access for support purposes.

We use Stripe to process payments. When you subscribe to a paid plan, Stripe collects and processes your payment information directly. We do not store credit card numbers — Stripe handles this in compliance with PCI DSS. See Stripe’s privacy policy for details.

We use GitHub and Google as OAuth providers for authentication. When you sign in with GitHub, we request repository and webhook scopes so that you can deploy directly from your repos and enable auto-deploy on push. These permissions are requested at sign-in, but we only access repositories you explicitly connect for deployment.

Your data is retained as long as your account is active. If you delete your account, we remove your personal information, workspaces, and associated data within 30 days. Deployment logs and activity history are deleted immediately upon workspace deletion.

Backups may retain deleted data for up to 90 days for disaster recovery purposes, after which they are rotated and permanently destroyed.

We use a single session cookie to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party cookie-based analytics. That’s it.

You can export your data, update your account information, or delete your account at any time from the Settings page. If you need help with any of these, reach out to us on Discord and we’ll handle it promptly.

If we make material changes to this privacy policy, we’ll notify you via email or an in-app notification before the changes take effect. Minor clarifications or formatting changes won’t trigger a notification but will be reflected in the “last updated” date above.