Deploy with Confidence: How Oblien Puts Privacy First

When you deploy your application to the cloud, you're not just uploading code—you're entrusting a platform with your intellectual property, your users' data, and your business reputation. That trust shouldn't be taken lightly.

At Oblien, we believe privacy isn't a feature—it's a fundamental right. Here's exactly how we protect you, your code, and your users.

The Privacy Problem in Cloud Deployment

Let's be honest: the cloud deployment industry has a trust problem.

• Vague privacy policies written in legal jargon
• Data collection practices buried in 50-page terms of service
• Unclear data retention policies
• Opaque third-party sharing agreements
• "We may use your data to improve our services" (translation: we're training AI on your code)

We think that's unacceptable.

Your code represents countless hours of work, innovative ideas, and potentially sensitive business logic. You deserve to know exactly what happens to it when you deploy with a platform.

Our Privacy Principles

At Oblien, we operate on three core principles:

1. Minimal Collection

We only collect data that's absolutely necessary to provide our service. No tracking pixels. No behavioral analytics. No "enhancing user experience" euphemisms.

2. Maximum Transparency

Our privacy policy is written in plain English (we know, shocking). If you can't understand what we're doing with your data, we've failed.

3. You Own Your Data

Your code, your deployments, your environment variables, your analytics—it all belongs to you. Not us. You can export or delete everything at any time.

What We Collect (And Why)

Let's get specific. Here's exactly what data we collect:

Account Information

What: Name, email, username, encrypted password
Why: To create and authenticate your account
Retention: As long as your account exists
Your Control: Delete your account anytime to remove all data

Repository Access

What: Repository URLs and branch information you choose to deploy
Why: To clone and deploy your code
Your Control: Grant/revoke access to specific repos through GitHub
Important: We NEVER access repositories you haven't explicitly selected

Build Data

What: Build logs, deployment status, error messages
Why: To show you what's happening during deployment and help debug issues
Retention: 30 days for free plans, 90 days for paid plans
Your Control: Download logs anytime; auto-deleted after retention period

Environment Variables

What: Configuration settings and secrets you add
Why: To configure your application at runtime
Security: Encrypted at rest with AES-256, decrypted only during deployment
Your Control: Edit or delete anytime; never logged or displayed in plain text

Usage Metrics

What: Number of deployments, bandwidth used, build duration
Why: To prevent abuse and help you understand your usage
What We DON'T Track: Individual user behavior, page views, click patterns

Payment Information

What: Billing address and transaction history
Why: To process payments and generate invoices
Security: Credit card details handled exclusively by Stripe (PCI-DSS compliant)
Your Control: We NEVER see your full credit card number

What We DON'T Do

Just as important as what we collect is what we don't do:

❌ We don't sell your data - Ever. To anyone. For any price.
❌ We don't train AI on your code - Unless you explicitly opt into our AI features
❌ We don't share with third parties - Except essential service providers (payment processing, infrastructure)
❌ We don't track you across the web - No third-party advertising networks
❌ We don't keep data forever - Clear retention policies with automatic deletion
❌ We don't bury important info - Our privacy policy is actually readable

Built-In Security Features

Privacy and security go hand-in-hand. Here's how we protect your deployments:

🔐 Encryption Everywhere

At Rest:

• Environment variables: AES-256 encryption
• Database: Encrypted volumes
• Backups: Encrypted before storage

In Transit:

• All API communication: TLS 1.3
• Your deployed apps: Free SSL certificates (Let's Encrypt)
• Dashboard access: HTTPS enforced

🏗️ Isolated Environments

Each deployment runs in its own isolated container:

• No access to other users' deployments
• No shared file systems
• Network isolation between projects
• Automatic cleanup after deployment

🛡️ GitHub Integration Security

We request the minimum permissions necessary:

• Read access to selected repositories only
• No organization-wide access unless you grant it
• Revoke access anytime through GitHub settings
• OAuth tokens, never passwords

🔑 Secrets Management

Environment variables are treated like the secrets they are:

• Encrypted in database
• Never appear in build logs
• Masked in dashboard display
• Decrypted only in deployment runtime
• Deleted immediately when you remove them

Compliance We Take Seriously

GDPR (General Data Protection Regulation)

As a platform serving users worldwide, we comply with GDPR:

Right to Access: Download all your data in machine-readable format
Right to Deletion: Delete your account and all associated data
Right to Portability: Export deployments, logs, and configurations
Right to Rectification: Update your information anytime
Data Breach Notification: We'll notify you within 72 hours

CCPA (California Consumer Privacy Act)

For our California users:

Transparency: Clear disclosure of data collection practices
Opt-Out Rights: Control over data sharing (though we don't sell data anyway)
Deletion Rights: Request deletion of personal information
Non-Discrimination: Same service quality regardless of privacy choices

SOC 2 (Coming Soon)

We're actively pursuing SOC 2 Type II certification to provide:

• Independent validation of our security practices
• Regular audits by third-party security firms
• Documentation of security controls
• Proof of compliance for enterprise customers

How We Handle Third Parties

We work with a minimal set of trusted partners to deliver our service:

Important: We never share your data with:

• Advertising networks
• Data brokers
• Analytics platforms (beyond basic error tracking)
• Third-party AI training companies

Your Privacy Controls

You're in complete control of your data:

Dashboard Privacy Settings

• View all data we have about you
• Export everything in JSON format
• Delete specific deployments and logs
• Manage third-party integrations

API Access

• Generate personal access tokens
• Audit token usage
• Revoke tokens instantly
• Set granular permissions

Account Deletion

When you delete your account, we:

1. Immediately disable access
2. Delete all deployments within 24 hours
3. Remove all personal data within 7 days
4. Keep only anonymized billing records (legal requirement)
5. Send confirmation when deletion is complete

Privacy-Friendly Analytics

We believe you should understand how your deployments perform without compromising privacy:

What We Track:

• Deployment success/failure rates
• Build duration and performance
• Bandwidth usage (aggregate, not per-user)
• Error rates and types

What We Don't Track:

• Individual user journeys through your deployed apps
• Personal information of your app's users
• Cross-site tracking or fingerprinting
• Behavioral analytics or A/B testing (on your users)

Your Analytics: We're building privacy-preserving analytics so you can understand your app's usage without tracking individual users.

Open Source Transparency

We believe in transparency, which is why we're open-sourcing key components:

• Our privacy policy templates
• Security best practices documentation
• Client SDKs and CLI tools
• Deployment configuration examples

You can audit our code, suggest improvements, and verify our claims.

Incident Response

Despite our best efforts, security incidents can happen. Here's our commitment:

If We Detect a Breach:

1. Immediate containment and investigation
2. Notification within 72 hours (GDPR requirement, but we aim for 24)
3. Clear explanation of what happened
4. Steps we're taking to prevent recurrence
5. Resources to protect yourself

Our Track Record: Since launch: Zero data breaches. Zero unauthorized access incidents. We intend to keep it that way.

Privacy in AI Features

Our AI-powered features (Blurs AI, Agent Sandbox) raise important privacy questions:

What Code Does AI See?

Blurs AI:

• Only sees code in projects you explicitly enable it for
• Processes code in isolated sandboxes
• Never stores your code on external AI services without permission
• You can opt out completely while still using deployment features

Agent Sandbox:

• Runs in completely isolated containers
• AI agents only access files you specify
• All changes are logged and auditable
• Sandboxes destroyed after session ends

Training Data

We commit:

• Never using your code to train our models without explicit opt-in
• Clear labeling of any features that use your code for improvement
• Ability to opt out without losing core functionality
• Transparent disclosure of how AI models are trained

Privacy for Your Users

When you deploy an app on Oblien, your users' privacy matters too:

We Don't:

• Inject tracking scripts into your deployed apps
• Monitor traffic to your applications
• Collect analytics about your users
• Require privacy-invasive features

You Control:

• What analytics you add to your app
• What cookies your app sets
• What third-party services you integrate
• Your own privacy policy compliance

The Privacy Pledge

Here's our promise to you, in plain language:

We, the team at Oblien, pledge to:

1. Never sell your data
2. Collect only what's necessary
3. Encrypt everything sensitive
4. Be transparent about our practices
5. Give you complete control
6. Respond honestly to privacy concerns
7. Improve continuously based on your feedback
8. Delete your data when you ask

If we ever change these principles, we'll:

1. Notify all users at least 30 days in advance
2. Clearly explain what's changing and why
3. Provide opt-out options
4. Allow you to export data before changes take effect

This isn't just marketing—it's our operating philosophy.

Compare for Yourself

We encourage you to compare our privacy practices with other platforms:

Questions? We're Here

Privacy shouldn't be complicated or confusing. If you have questions:

• Read our full Privacy Policy - Actually readable!
• Check our Terms of Service - Also in plain English
• Email us: privacy@oblien.com - Real humans respond
• Ask in Discord: Join our community for quick answers

We believe the only stupid question about privacy is the one you don't ask.

The Bottom Line

In an industry where privacy is often an afterthought, we're making it a cornerstone.

You shouldn't have to choose between great developer experience and protecting your privacy. You shouldn't need a law degree to understand what happens to your data. And you definitely shouldn't have to worry about your code being used in ways you didn't agree to.

With Oblien:

• Your code stays yours
• Your data is protected
• Your privacy is respected
• Your trust is earned, not assumed

Deploy with confidence. Deploy with Oblien.

---

Start Deploying Securely

Learn More

• Privacy Policy - Our complete privacy practices
• Security Best Practices - Secure deployment tips
• Terms of Service - Clear, honest terms
• Contact Us - Questions? We're here to help