Get started

Legal

Your data.
Our responsibility.

DunOps is built on confirm-before-mutate. The same principle governs your data — we collect only what we need, tell you exactly what we hold, and never sell it.

Effective May 21, 2026

Email only

We store your email address and nothing else at sign-up. No name, no phone, no payment info on the free tier.

Zero plaintext secrets

Provider tokens are encrypted before being written to disk. They're never logged, never exposed in error messages.

No tracking

No advertising cookies. No third-party analytics. No cross-site fingerprinting. One session cookie, full stop.

Delete anytime

Request account deletion and your data is gone within 30 days. Provider tokens are removed immediately.

01

What we collect

Your email, your provider tokens, and your chat history. Nothing else.

We collect the minimum data required to run the service:

  • Email address — used for authentication via one-time code or magic link. No password is ever stored.
  • Provider OAuth tokens — for services you connect (GitHub, Vercel, Namecheap, Spaceship). Stored encrypted at rest, used only to execute actions you explicitly approve.
  • Chat threads — the prompts you send and the agent responses, retained to support continuity across sessions.
  • Workflow logs — records of operations the agent executed on your behalf, retained for audit and replay.
  • Usage metrics — timestamps and request counts for billing and reliability. No message content is included.
02

How we use it

To run the product, keep it reliable, and support you when something breaks.

We use your data to:

  • Authenticate you and maintain your session
  • Execute DevOps operations on your behalf when you approve them
  • Store and retrieve your chat history and playbooks
  • Monitor service reliability and debug issues
  • Provide customer support when you contact us
  • Comply with legal obligations

We do not use your chat content to train AI models. Prompts are processed by Anthropic under their API data handling policy.

03

Who we share it with

Only the services that need it to do their job. Never sold.

  • Provider APIs — tokens passed to platforms you've connected when executing approved actions.
  • Anthropic — chat messages sent for AI inference under their data processing agreement.
  • AWS — compute and storage infrastructure (us-east-1). All data encrypted in transit and at rest.
  • Legal requirements — only if required by law or court order.

We never sell, rent, or trade your personal data.

04

Data retention

Data lives as long as your account does. Tokens disappear the moment you disconnect.

  • Chat threads and workflow logs retained while your account is active.
  • Provider tokens deleted immediately when you disconnect a provider.
  • Account data permanently deleted within 30 days of a deletion request.
  • Anonymised usage metrics may be retained indefinitely in aggregate form.
05

How we protect it

The same confirm-before-mutate principle applies to your data.

  • All data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Provider tokens encrypted before storage — never logged in plaintext
  • No persistent passwords — authentication is short-lived codes only
  • Workspace isolation at the database row level — cross-workspace access is structurally impossible
  • Principle of least privilege for all internal service access

See our Security page for the full picture.

06

Your rights

Access, correct, export, or delete — just ask.

Depending on your jurisdiction, you may have the right to:

  • Access — a copy of the data we hold about you
  • Correction — fix inaccurate or incomplete data
  • Deletion — remove your account and all associated data
  • Portability — receive your data in a machine-readable format
  • Objection — object to certain processing activities

Email privacy@dunops.com. We respond within 30 days.

07

Cookies

One session cookie. No tracking. No ad networks.

DunOps sets a single dunops_session cookie to keep you logged in. It is httpOnly, SameSite=Strict, and not accessible to JavaScript. Theme preference (dunops:theme) is stored in localStorage, not a cookie. No advertising or analytics cookies are set.

08

Policy changes

We'll email you 14 days before anything material changes.

We notify you of material changes via email at least 14 days before they take effect. The effective date at the top of this page always reflects the live version. Continuing to use the service after the effective date constitutes acceptance of the updated policy.

Privacy questions or data requests?

privacy@dunops.com