Privacy Policy
Last updated: April 11, 2026
This Privacy Policy describes how Patrick Donohoe, operating as floo ("we", "us"), collects, uses, and protects your information when you use our deployment platform.
What We Collect
Account Information
When you sign up, we collect your email address and name via WorkOS authentication. We do not store passwords — authentication is handled by WorkOS.
Application Data
We access your GitHub repositories (with your permission) to download source code for building and deploying your applications. We store build logs, deploy history, and runtime logs. Environment variables you set are encrypted at rest.
Usage Data
We collect request counts, error rates, and latency metrics for your deployed applications to power the Monitoring dashboard. We track API usage for billing purposes.
Payment Information
Payment processing is handled by Stripe. We do not store credit card numbers or bank account details. Stripe's privacy policy governs payment data.
How We Use Your Data
- To build, deploy, and serve your applications
- To provide monitoring, logging, and analytics dashboards
- To process billing and send invoices
- To send deploy notifications and service alerts
- To improve the platform and fix bugs
- To respond to support requests and feedback
Data Sharing
We share data with these third-party services to operate the platform:
- Google Cloud Platform — infrastructure (Cloud Run, Cloud SQL, Cloud Build)
- WorkOS — authentication
- Stripe — payment processing
- Resend — email notifications
- Sentry — error tracking (no PII sent)
- Upstash — Redis caching
We do not sell your data to anyone. We do not use your data for advertising.
Data Security
Environment variables are encrypted at rest using Fernet symmetric encryption. All traffic is encrypted in transit via TLS. Database backups are encrypted. Access to production systems is restricted to authorized personnel.
Data Retention
We retain your account data for as long as your account is active. Build logs and deploy history are retained for 90 days. Runtime logs are retained for 7 days. Upon account deletion, all associated data is removed within 30 days.
Your Rights
You can:
- Access your data via the dashboard and CLI
- Export your environment variables via
floo env list - Delete your account and all associated data
- Request a copy of your data by emailing us
Cookies
The dashboard uses a session cookie (__floo_session) for authentication. We do not use tracking cookies or third-party analytics.
Contact
Questions about privacy? Email privacy@getfloo.com.