Privacy Policy
Last updated: March 15, 2026
At Telbase, we believe in transparency about how we collect, use, and protect your information. This Privacy Policy explains our data practices and your privacy rights when you use our deployment platform.
Our Privacy Commitment: We collect only the data necessary to provide our Service. We never sell your personal information. Your deployed application code and data belong to you.
1. Information We Collect
1.1 Account Information
When you create an account via Google, Microsoft, or GitHub authentication, we receive and store:
- Email address
- Display name
- Profile photo URL (if provided by the auth provider)
- OAuth provider ID (for authentication purposes)
1.2 Organization Information
If you create an organization account, we collect:
- Organization name
- Team member email addresses
- Billing contact information
1.3 Payment Information
Payment processing is handled by Stripe. We do not store full payment credentials (card numbers, CVV, or bank account details). We receive from Stripe:
- Payment method summary (e.g., last four digits, payment type)
- Billing address
- Payment status and transaction history (including credit purchases)
1.4 Your Content
When you deploy applications through Telbase, we process:
- Application code: Uploaded to our infrastructure for building and deployment
- Environment variables: Stored encrypted to inject at runtime
- Database data: Stored in managed PostgreSQL or SQLite databases
- Build logs: Generated during the deployment process
We Do Not Access Your Application Data
We do not read, analyze, or use the content of your deployed applications or databases except as necessary to provide the Service (e.g., running builds, executing database migrations) or when legally required.
1.5 Usage Information
We automatically collect certain information when you use our Service:
- CLI commands executed (command type only, not arguments or secrets)
- Dashboard pages visited
- Deployment timestamps and status
- API request metadata (endpoint, timestamp, response code)
- IP addresses (for security and rate limiting)
- Browser type and version (for dashboard users)
1.6 Information from Third Parties
We may receive information from integrated services:
- GitHub: Repository names, commit metadata when auto-deploy is enabled
- Cloudflare: Access logs for authenticated users of your applications
2. How We Use Your Information
We use the information we collect to:
2.1 Provide the Service
- Authenticate you and manage your account
- Build and deploy your applications
- Provision and manage databases
- Configure authentication for your deployed apps
- Process your payments
2.2 Improve and Maintain the Service
- Monitor system performance and reliability
- Identify and fix bugs and errors
- Analyze usage patterns to improve features
- Develop new features based on user needs
2.3 Communicate with You
- Send deployment status notifications
- Alert you to billing issues or account problems
- Respond to your support requests
- Send important service announcements
- Provide product updates (you can opt out)
2.4 Security and Compliance
- Detect and prevent fraud, abuse, and security incidents
- Enforce our Terms of Service and Acceptable Use Policy
- Comply with legal obligations
We do not: Sell your personal information. Use your data for advertising. Train AI models on your code or data. Share your information with third parties for their marketing purposes.
3. Data Storage and Security
3.1 Where We Store Your Data
Your data is stored across our infrastructure providers:
| Data Type | Storage Location | Provider |
|---|---|---|
| Account information | United States | Render PostgreSQL |
| Application code (serverless) | United States | Vercel |
| Application code (containers) | United States | Google Cloud Platform |
| PostgreSQL databases | United States | Neon or Cloud SQL |
| SQLite databases | United States | Turso |
| Environment variables | United States | Encrypted at rest (AES-256-GCM) |
| CDN cache | Global edge network | Cloudflare |
| Auth sessions | Global edge network | Cloudflare Access |
3.2 How We Protect Your Data
We implement industry-standard security measures:
- Encryption in transit: All connections use TLS 1.2 or higher
- Encryption at rest: Databases and secrets are encrypted using AES-256
- Secret encryption: Environment variables are encrypted with AES-256-GCM before storage
- Access controls: Role-based access with principle of least privilege
- Authentication: SSO via established providers (Google, Microsoft, GitHub)
- Monitoring: 24/7 infrastructure monitoring and alerting
For more details about our security practices, see our Security page.
4. Data Sharing
4.1 Service Providers
We share data with third-party service providers who help us operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Vercel | Serverless hosting | Application code, build logs |
| Render | Control plane API hosting | API metadata, logs |
| Google Cloud Platform | Container hosting, managed databases | Application code, databases, logs |
| Neon | PostgreSQL databases | Database data, connection metadata |
| Turso | SQLite databases | Database data, connection metadata |
| Cloudflare | CDN, SSL, authentication | Traffic data, auth sessions |
| Stripe | Payment processing | Billing information |
| GitHub | Repository integration | OAuth tokens (encrypted) |
| Resend | Transactional email delivery | Email addresses, notification content |
These providers are contractually bound to protect your data and use it only for the purposes we specify.
4.2 Legal Requirements
We may disclose your information if required to:
- Comply with a law, regulation, or legal process
- Respond to lawful requests from government authorities
- Protect our rights, privacy, safety, or property
- Enforce our Terms of Service
4.3 Business Transfers
If Telbase is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.
4.4 With Your Consent
We may share your information in other ways if you explicitly consent to such sharing.
We never sell your data. We do not sell, rent, or trade your personal information to third parties for their commercial purposes.
6. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
6.1 Access and Portability
You can request a copy of the personal information we hold about you. We will provide this in a commonly used, machine-readable format.
6.2 Correction
You can update your account information through the dashboard. For other corrections, contact us and we will update inaccurate information.
6.3 Deletion
You can request deletion of your account and personal information. Note that:
- We may retain certain data as required by law
- Deletion of your account will delete all your deployed applications
- Some information may persist in backups for up to 30 days
6.4 Objection and Restriction
You can object to certain processing of your data or request that we restrict processing while we address your concerns.
6.5 Withdraw Consent
Where we rely on consent for processing, you can withdraw that consent at any time. This does not affect processing that occurred before withdrawal.
6.6 How to Exercise Your Rights
To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.
California Residents
Under the CCPA, California residents have additional rights including the right to know what personal information is collected, to delete personal information, and to opt-out of the sale of personal information. As stated above, we do not sell personal information.
European Residents
Under the GDPR, EU residents have rights including access, rectification, erasure, restriction, portability, and objection. Our legal basis for processing is contract performance and legitimate interests. You have the right to lodge a complaint with your local data protection authority.
7. Data Retention
We retain your information for as long as necessary to provide the Service:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| Application data | Until you delete the application |
| Database backups | 7 days after deletion |
| Build logs | 90 days |
| Access logs | 30 days |
| Billing records | 7 years (legal requirement) |
8. Children's Privacy
Telbase is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at [email protected] and we will delete that information.
9. International Data Transfers
Your information may be transferred to and processed in the United States, where our servers and service providers are located. If you are located outside the United States, please be aware that data protection laws may differ from those in your country.
For transfers from the European Economic Area, we rely on:
- Standard Contractual Clauses approved by the European Commission
- Service providers' certifications and compliance frameworks
By using the Service, you consent to the transfer of your information to the United States and other countries where we operate.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending an email to your registered email address
- Displaying a notice in the dashboard
The "Last updated" date at the top of this policy indicates when it was last revised. We encourage you to review this policy periodically.
11. Contact Us
Questions about your privacy?
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Email: [email protected]
We will respond to privacy-related inquiries within 30 days.