Privacy Policy

This Privacy Policy explains how DeployFly ("DeployFly", "we", "our", or "us") collects, uses, and protects information about you when you use our website and server management platform. By using DeployFly, you agree to the practices described in this policy.

1. Information We Collect

Account Information

When you register, we collect your name, email address, and password (stored as a one-way hash). If you sign up via a social login (GitHub, GitLab, or Google), we receive your public profile information from that provider as permitted by their OAuth scopes.

Server Credentials

To manage your VPS servers, you provide SSH credentials (IP address, port, username, and password or private key). These credentials are encrypted at rest using AES-256 encryption and are only decrypted in memory at the moment they are needed to execute a command on your behalf. We never display or log your raw SSH passwords or private keys.

Payment Information

Payments are processed by our third-party payment processors (Stripe and/or PayPal). DeployFly does not store your full credit card number, CVV, or bank account details. We may retain the last four digits of your card, card type, expiry date, and billing address for display purposes and for managing your subscription.

Usage and Technical Data

We automatically collect technical and usage data when you use the platform, including:

• IP address, browser type, and operating system
• Pages and features you visit within the panel
• Actions performed (server added, application deployed, etc.) — without the content of commands
• Session duration and navigation patterns
• Error messages and crash reports to help us improve the service

Communications

If you contact us via email or the support ticket system, we store the content of that communication along with your contact details in order to respond to and resolve your request.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the DeployFly service
• Authenticate you and keep your account secure
• Execute management commands on servers you connect to the platform
• Process subscription payments and manage billing
• Send transactional emails (account confirmation, password reset, invoices, alerts)
• Send product updates and announcements (you may opt out at any time)
• Respond to support requests and customer enquiries
• Monitor platform health and diagnose technical issues
• Comply with legal obligations

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share information only in the following circumstances:

• Payment processors. Stripe and/or PayPal receive the billing information necessary to process your subscription payments, subject to their own privacy policies.
• Hosting infrastructure. Your data is stored on cloud servers. These providers process data on our behalf and are bound by data processing agreements.
• Analytics. If you or the platform operator has enabled Google Analytics 4, anonymised usage data is shared with Google to analyse platform traffic.
• Legal requirements. We may disclose your information if required to do so by law, court order, or government authority, or to protect the rights and safety of DeployFly and its users.
• Business transfers. In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

4. Data Security

We take the security of your data seriously. Measures we employ include:

• AES-256 encryption for stored server credentials and secrets
• TLS/HTTPS for all data in transit between your browser and our servers
• Bcrypt hashing for all passwords — we never store plaintext passwords
• Access controls limiting employee access to production data
• Regular security reviews and dependency updates
• Optional two-factor authentication (2FA) for your account

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data using commercially acceptable means, we cannot guarantee absolute security.

5. Data Retention

We retain your account data for as long as your account is active. If you close your account, we will retain your data for 30 days in case you wish to reactivate, after which it is permanently deleted. Billing records may be retained for longer periods as required by law (typically 7 years for tax and accounting purposes). Server credentials are deleted immediately upon server removal or account deletion.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

• Access. Request a copy of the personal data we hold about you.
• Rectification. Correct inaccurate or incomplete information.
• Erasure. Request deletion of your account and associated data.
• Portability. Receive your data in a structured, machine-readable format.
• Restriction. Ask us to limit how we process your data in certain circumstances.
• Objection. Object to processing based on legitimate interests.
• Withdraw consent. Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at privacy@vpspro.io. We will respond within 30 days. You may also delete your account at any time from the Account Settings page.

7. Cookies

DeployFly uses the following categories of cookies:

• Essential cookies. Required for the platform to function — session tokens, authentication state, and CSRF protection tokens.
• Preference cookies. Remember your panel settings such as theme and sidebar state.
• Analytics cookies. If Google Analytics is enabled by the platform operator, anonymised usage data is collected to help improve the service. You may opt out via your browser settings or the Google Analytics Opt-out Browser Add-on.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in to the platform.

8. Third-Party Links and Services

The DeployFly platform may contain links to third-party websites or services (GitHub, GitLab, PayPal, DigitalOcean documentation, etc.). These are governed by their own privacy policies. We are not responsible for the privacy practices of third-party sites.

9. International Data Transfers

DeployFly is operated from servers that may be located outside your country of residence. By using the service, you consent to the transfer of your data to countries that may have different data protection laws than your own. Where required (e.g., transfers from the EEA), we rely on Standard Contractual Clauses or other appropriate safeguards.

10. Children's Privacy

DeployFly is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with their information, contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice in the panel. Your continued use of DeployFly after the effective date of the updated policy constitutes your acceptance of the changes.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at: