Privacy Policy

What we collect

We collect the minimum necessary to operate the Service:

• Account data: email address, name, and hashed password (via Supabase Auth)
• Job data: payloads, results, and metadata you submit to queues — stored temporarily for processing and 30 days for observability
• Billing data: Stripe handles payment; we store only your Stripe customer ID
• Usage data: job execution counts per workspace for billing and quota enforcement
• Logs: server request logs retained for up to 90 days for security and debugging

How we use it

• Provide and improve the Service
• Send transactional emails (account creation, billing receipts, failure alerts you opt into)
• Enforce quotas and detect abuse
• Respond to support requests

We do not sell your data, use it for advertising, or share it with third parties except as described below.

Sub-processors

We use the following third-party services to operate Rotor:

• Supabase — authentication and Postgres database (EU region)
• Railway — hosting and Redis (US region)
• Stripe — payment processing
• Resend — transactional email
• Sentry — error monitoring

Data retention

• Job history: 30 days for free plans, 90 days for Pro, 1 year for Enterprise
• Account data: retained until you delete your account
• Billing records: 7 years (legal requirement)

Your rights

You may request export or deletion of your data at any time by emailing [email protected]. We will respond within 30 days. Account deletion removes all personal data except billing records required by law.

Cookies

We use only functional cookies — a session cookie for dashboard authentication. No analytics or advertising cookies.

Security

Data is encrypted at rest and in transit. API keys are hashed before storage. See our Security page for details.

Contact

Privacy questions: [email protected]