Privacy Policy

Last updated: July 6, 2026

Podway is an early-stage product. This policy explains what data we collect, why we collect it, and how we handle it. We try to collect as little as possible.

Who we are

Podway is operated as an independent product. We are not yet a formally registered business entity. If you have questions about this policy, contact us atlegal@podway.dev.

What we collect

Account information

When you sign in with GitHub, we receive your GitHub username, email address, and profile avatar from GitHub's OAuth API. We store your email address and avatar URL to identify your account and display it in the dashboard.

Usage data

We log actions you take within Podway — such as creating deployments, modifying environment variables, and inviting team members. These are stored in an audit log associated with your organization and are visible to org owners and admins.

Payment information

Payments are processed by Stripe. We never see or store your credit card number, CVV, or full card details. Stripe provides us with a customer ID and subscription status. You can review Stripe's privacy policy atstripe.com/privacy.

Infrastructure data

We store configuration you provide — application names, environment variables, resource limits, domain names, and deployment history. Environment variable values marked as secrets are encrypted at rest using AES-GCM and are never returned in API responses after they are saved.

Build logs

Build logs are generated by BuildKit and streamed to your browser in real time. Logs are stored temporarily and associated with the specific build that produced them.

What we don't collect

We do not use advertising trackers, third-party analytics, or behavioral profiling. We do not sell your data. We do not share your data with third parties except as described in this policy.

How we use your data

  • To authenticate you and identify your account
  • To operate the platform — build, deploy, and manage your applications
  • To manage your subscription via Stripe
  • To provide audit logs to your organization
  • To contact you about your account if necessary

Data storage

Your data is stored on servers we operate. We take reasonable technical measures to protect it, including encryption of secrets at rest and TLS for all data in transit. We are an early-stage product and do not yet have formal security certifications.

Data retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

Your rights

You can request a copy of the data we hold about you, ask us to correct inaccurate data, or request deletion of your account and associated data. Email us atlegal@podway.dev for any of these requests.

Cookies

We use a single session cookie to maintain your authenticated session. We do not use third-party cookies or tracking cookies.

Changes to this policy

We may update this policy as the product evolves. We'll update the date at the top of this page when we do. For significant changes, we'll notify you by email if we have one on file.

Contact

Questions or concerns? Email us atlegal@podway.dev.