StealthQL

/ privacy

Privacy, the short version.

Customer rows on a StealthQL server live on your Droplet, not ours. We see the metadata we need to run the dashboard — email, billing, deployment events, audit log — and nothing else. This page tells you exactly what.

What lives where

  • On your server (Droplet) — every row your app reads or writes. Your customers data, your tables, your backups. We dont have a credential to read this. The runtime service token is generated at launch and held only by you and your dashboard.
  • On our dashboard — your account email, your plan, the events your dashboard generates (deployments, member invites, share creations), your launch metadata (region, size, domain), and the secrets you ask us to manage (GitHub token, runtime service token, webhook secrets). Your application data never crosses this boundary.
  • With our payment processor — Stripe holds your card. We hold a Stripe customer ID and subscription state, never the card number.
  • With our email provider — when we send a member invite, a billing receipt, or a backup-failed alert, the recipient address goes through Resend. The body of the email is not retained beyond delivery.

What we collect from you

  • Account — email, plan, role.
  • Operational — server region, size, domain, deployment SHAs and statuses, audit events (who did what, when), backup metadata (size, time, hash; never the contents).
  • Browser session — an HMAC-signed cookie that says "you are signed in as X." No third-party trackers, no analytics-vendor cookies.

What we dont collect

  • Customer rows from your tables.
  • Anything you put in environment variables you marked as customer-source.
  • Tracking pixels, cross-site identifiers, or marketing cookies.
  • Anything you didnt put into the dashboard yourself.

Your rights

  • Export — every page is read-as-CSV-able. Backups are downloadable in their original format. Eject packages your entire capsule into a portable tarball.
  • Delete — delete your account and we destroy your dashboard rows within 30 days. Your Droplet is destroyed by the eject flow on your timeline; we dont touch it after.
  • Access — well send a copy of every row we hold about you on request to [email protected].

Subprocessors

  • DigitalOcean — your server lives here.
  • Stripe — billing.
  • Resend — transactional email.
  • Cloudflare — DNS for managed subdomains and TLS issuance, when you opt into a managed hostname.
  • GitHub — auto-deploy webhooks, schema commits (when you connect a repo).

Contact

Privacy questions, data requests, or "what do you have on me?" — [email protected]. We answer within five business days.

Last updated: 2026-05-08.