1. Introduction
Klystrr ("we", "our", "the platform") is committed to protecting the personal data of its users. This Privacy Policy explains what data we collect, why we collect it, how we store it, and what rights you have over it.
By using Klystrr, you agree to the data practices described in this policy.
2. Data we collect
2.1 User account data
When you create an account, we collect:
- Your email address
- Your name or display name (if provided)
- Password (hashed β never stored in plain text)
- Account creation date and last login date
If you register or link accounts via OAuth (GitHub or GitLab), we receive the data provided by that provider under the authorized scopes (typically: email address and public profile).
2.2 Server-related data
When you connect a VPS server to Klystrr, we store:
- Hostname or IP address
- SSH port
- SSH username
- SSH credentials (private key) β stored encrypted at rest
- Connection test history and status
We do not store the full content of your server's filesystem. We only access your server to perform the operations you configure.
2.3 Git repository data
When you link a GitHub or GitLab repository, we store:
- Repository URL and name
- Selected branch
- OAuth access token β stored encrypted at rest
We access your repositories only to clone or pull code during deployments. We do not index, scan, or store the content of your source code beyond what is needed to execute a deployment.
2.4 OAuth tokens
OAuth tokens issued by GitHub or GitLab are used to access your repositories on your behalf. They are:
- Stored encrypted at rest
- Never logged or exposed in the user interface
- Used exclusively for repository access and webhook management
- Revocable at any time from your GitHub/GitLab account settings
2.5 SSH keys
- Encrypted at rest using a secure encryption method
- Never transmitted in plain text outside of encrypted connections
- Used only to authenticate SSH sessions to your connected servers
- Deletable by removing the server from your Klystrr account
2.6 Environment variables
- Stored encrypted at rest
- Masked in deployment logs (values are never shown in plain text in logs)
- Accessible only to authenticated users of your account
2.7 Deployment logs
Deployment logs contain the output of commands run on your server during a deployment (git, npm, pm2, nginx, etc.). They may include:
- Command output (stdout/stderr)
- Timestamps and phase labels
- Error messages
Logs are stored on Klystrr's servers. Sensitive environment variable values are masked before storage. However, if your commands print secrets to stdout (e.g. console.log(process.env.SECRET)), those values may appear in logs β this is outside Klystrr's control.
2.8 Technical and usage data
- IP addresses used to access the Klystrr dashboard
- Browser and device information (user agent)
- Feature usage patterns for product analytics (if analytics are enabled)
- Error logs and diagnostic data for debugging purposes
3. How we use your data
We use collected data to:
- Provide and operate the Klystrr platform
- Authenticate users and protect accounts
- Execute deployments on your behalf
- Send transactional emails (account confirmation, deployment notifications)
- Detect and prevent abuse or security incidents
- Improve the platform based on usage patterns (anonymized where possible)
We do not sell your personal data to third parties. We do not use your data for advertising.
4. Data retention
| Data type | Retention period |
|---|---|
| Account data | Until account deletion |
| Server credentials | Until server is removed from account |
| OAuth tokens | Until disconnected from account or token is revoked |
| Environment variables | Until deleted by user or project is deleted |
| Deployment logs | 90 days (subject to change; we will notify users of changes) |
| Technical/usage logs | 90 days |
After the retention period, data is deleted or anonymized. You may also request early deletion (see Section 6).
5. Data sharing
We may share data with:
- Infrastructure providers (hosting, databases) who process data on our behalf under data processing agreements
- Third-party services integrated into the platform (e.g. email delivery providers) β limited to what is necessary
- Law enforcement if required by applicable law and only to the extent legally required
We do not share your code, credentials, or deployment data with any third party for their own purposes.
6. Your rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your account and associated data
- Export your data in a portable format
- Object to or restrict certain processing activities
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at privacy@klystrr.app or use the account deletion and data export features available in your account settings.
We will respond to requests within 30 days, or as required by applicable law.
7. Data security
We implement technical and organizational measures to protect your data, including:
- Encryption of sensitive data at rest (credentials, tokens, environment variables)
- Encryption in transit (TLS for all connections)
- Access controls limiting who within Klystrr can access user data
- Regular security reviews
No system is completely secure. We cannot guarantee absolute security. In the event of a data breach that affects your personal data, we will notify you as required by applicable law.
8. Children
Klystrr is not intended for users under the age of 16. We do not knowingly collect personal data from minors. If you believe a minor has registered, please contact us and we will delete the account.
9. Changes to this policy
We may update this Privacy Policy at any time. We will notify users of material changes via email or an in-app notice at least 14 days before the changes take effect.
10. Contact
For privacy-related questions or requests:
privacy@klystrr.app