Sign in

Privacy Policy

Last updated: May 27, 2026

This Privacy Policy explains how DeployDoc, operated by Khaled Atieh (sole proprietor, "we", "us"), collects, uses and protects information when you use deploydoc.com.

1. What we collect

  • Account data: email, display name, hashed password or OAuth identifier.
  • Diagnostic input: env files, build logs, repo metadata you submit. Values matching secret patterns are redacted in the UI and storage.
  • Provider tokens: OAuth/PAT tokens from GitHub, Vercel, Netlify and similar. Encrypted at rest with AES-GCM using a server-only key.
  • Usage telemetry: page views, scan counts, error rates — aggregated, no PII.

2. How we use it

To operate the Service, run diagnostics on your behalf, send transactional emails (signup confirmation, password reset, billing notices) from support@deploydoc.com, and improve the rules engine. We never sell your data.

3. Cross-user isolation

Every diagnostic record, connection and token is scoped to your user ID and enforced at the database layer via row-level security. Other users cannot view, list or query your data.

4. Encryption

Provider tokens use AES-GCM encryption with a key held only on our servers. MCP and API tokens are stored as SHA-256 hashes — we cannot recover them. All traffic uses TLS 1.2+.

5. Sub-processors

  • Supabase (managed Postgres, auth) — EU/US regions
  • Cloudflare (edge runtime, CDN)
  • Paddle (payments, tax compliance)
  • Lovable Email infrastructure (transactional email from deploydoc.com)

6. Your rights

Under GDPR / CCPA you may access, export or delete your data directly from your account page — no email request needed. Export downloads a JSON snapshot; deletion is immediate and irreversible. For anything else, email support@deploydoc.com and we will respond within 30 days.

7. Retention

Diagnostic runs are retained until you delete them. Raw pasted logs and env values are redacted in-browser before transport — we never store the originals. Sensitive actions on your account are recorded to an append-only audit log visible to you on the account page. Billing records are retained as required by tax law.

8. Cookies

We use first-party cookies for session auth and theme preference. No third-party advertising or tracking cookies.

9. Children

DeployDoc is not directed to anyone under 16. We do not knowingly collect data from children.

10. Contact

Data controller: Khaled Atieh, doing business as DeployDoc. Privacy questions: support@deploydoc.com