Privacy Policy

Last updated: May 15, 2026

1. The short version

We collect the minimum we need to run the service. We don't sell your data and we don't read what's on your machine. Cards are handled by Stripe; we never see card numbers. You can delete your account anytime.

2. What we collect

Account & billing

• Email address — for sign-in (magic links) and account email.
• Stripe customer + subscription identifiers — so we can match a payment back to your account. Card numbers, billing addresses, etc. live with Stripe and never touch our servers.

Machine

• SSH public keys you upload (or that we auto-generate on your behalf). Auto-generated private keys are encrypted at rest with AES-256-GCM.
• Machine metadata — slug, IPv4, region, status, last heartbeat timestamp.

Usage

• Server logs — standard HTTP request logs and systemd journal entries on our control plane, retained for ~30 days. Used for debugging and abuse detection.
• Audit log — a record of significant account actions (account creation, machine create/destroy, subscription changes) for our records and yours.

3. What we DON'T collect

• The contents of your machine — files, databases, code, anything you build.
• Your Claude Code conversations. Claude runs locally on your machine and authenticates with your Anthropic account; we have no visibility.
• Marketing pixels, third-party analytics, ad-tech identifiers. The marketing site doesn't use Google Analytics or anything similar.

4. How we use it

• To provide the service: sign you in, provision your machine, issue TLS certs, send sign-in links, handle billing.
• To debug: server logs help us figure out why something broke.
• To detect abuse: protect the service from misuse per the Terms of Service.

5. Who we share data with

We don't sell your data, and we don't share it for advertising. We share with law enforcement only when legally required and will notify you unless prohibited.

6. Security

• All site traffic is over TLS.
• Cert private keys and SSH private keys we generate on your behalf are encrypted at rest with AES-256-GCM.
• Magic-link tokens and agent bearer tokens are stored only as SHA-256 hashes; plaintext exists only in the URL or env file we issue.
• Each machine is its own VM with its own root filesystem. Customer machines don't share state.

No system is perfectly secure. If we discover a breach affecting your account, we'll tell you promptly.

7. Cookies

We set one cookie: an HMAC-signed session cookie after you sign in. No tracking cookies, no analytics cookies, no third-party cookies on the marketing site.

8. Your rights

You can:

• Access your data — most of it is visible in your dashboard; email us for the rest.
• Delete your account — destroys your machine and removes your account record. Email hello@restful.host.
• Export your data — what we have is small; we'll send you a JSON dump.
• If you're in the EU/UK, you have GDPR/UK-GDPR rights including objection, restriction, and data portability. Same email works.

9. Data retention

• Account data — kept while your account is active. Deleted within 30 days of account closure.
• Server logs — ~30 days.
• Audit log — kept indefinitely (small, useful for your own records).
• Stripe billing records — retained per Stripe's policies and applicable tax law.

10. International transfers

Our infrastructure is in the United States (DigitalOcean SFO3). If you're outside the US, your data is processed in the US.

11. Children

Restful isn't for anyone under 18. We don't knowingly collect data from children.

12. Changes

We'll email you for significant changes with at least 14 days' notice. Smaller edits go live with an updated “Last updated” date above.

13. Contact

Questions, requests, or data-rights stuff: hello@restful.host.