Overview
Openship is a deployment platform. We host code, secrets, and infrastructure on your behalf when you use Openship Cloud. When you self-host, everything stays on your own machines and this policy applies only to the parts of our service you interact with (account, billing, support).
This policy describes what we collect, why, where it lives, and how to remove it. We do not sell personal data. We do not show ads.
What we collect
Account data - email, hashed password (or OAuth identity), team name, and your role.
Billing data - for Cloud and Business plans only. Card and tax details are processed by Stripe; we store the last four digits and the invoice history.
Project metadata - repository URL, branch, build commands, environment variable names (not values), domain names, deployment timestamps.
Build artifacts - container images we built on your behalf. Stored for the lifetime of the deployment and pruned by our retention policy.
Logs - application and build logs, retained 30 days on Cloud, 12 months on Business.
Telemetry - off by default. If you opt in we collect anonymous platform-version and feature-usage events to inform the roadmap.
What we don't collect
Source code outside of build time - we fetch your repo, build, and discard the working tree. The image is what persists.
Decrypted secrets - environment variables are encrypted at rest with keys we never log.
Customer data flowing through your apps. Your databases and your application logs are your data; we host them but we don't read them.
Behavioural analytics on your end users.
Where data lives
Cloud customers - primary storage in EU-West (Ireland) with replicas in US-East and AP-South. You can pin a project to a single region.
Self-hosted customers - everything stays on the machines you run. We have zero visibility.
Backups - encrypted, region-pinned, 30-day rolling window on Cloud, extended retention on Business.
Third-party processors
Stripe - payment processing and invoicing.
AWS, Hetzner, Cloudflare - infrastructure providers for compute, network, and edge.
Postmark - outbound transactional email (account events, billing receipts).
Sentry - error reporting, with PII scrubbing enabled.
We do not use marketing trackers, advertising pixels, or session replay tools.
Your rights
Access - request an export of everything we have about you, in machine-readable form.
Deletion - delete your account at any time; we erase identifying data within 30 days and retain only what's required by tax law.
Portability - every deployment is a plain container image and a standard manifest. You can leave Cloud and re-run on your own servers without rewriting anything.
Contact [email protected] for any of the above. We respond within 5 business days.
Changes
When this policy materially changes we email account owners at least 14 days before the change takes effect, with a side-by-side diff of what's changing and why.