Privacy Policy

We collect the following categories of information:

• Account information. When you sign up, we collect your name, email address, and authentication identifiers. If you sign in with GitHub or Google, we receive your profile email and a unique provider ID via OAuth.
• Billing information. Payments are processed by our payment processor, Stripe. We do not store full card numbers. We retain a Stripe customer ID, subscription tier, and invoice metadata for accounting.
• Usage and telemetry. We record sandbox lifecycle events (create, exec, pause, fork, hibernate, delete), API request metadata, boot timings, resource consumption, and aggregated metrics used for billing, capacity planning, and abuse prevention.
• Sandbox and database content. Code, files, and data you place inside a sandbox or managed database are processed on our infrastructure to provide the Services. See Your content below.
• Device and log data. IP address, browser/user-agent, and timestamps are logged for security, rate-limiting, and diagnostics.
• Product analytics. We use PostHog to understand how the dashboard and marketing site are used (page views, feature interactions). See Analytics and cookies.

We use the information we collect to:

• provide, operate, maintain, and improve the Services;
• authenticate users and secure accounts;
• meter usage and process billing through Stripe;
• detect, investigate, and prevent fraud, abuse, and security incidents;
• respond to support requests and communicate service-related notices;
• comply with legal obligations and enforce our Terms of Service.

Content you run inside a sandbox or store in a managed database (“Your Content”) belongs to you. We access Your Content only as needed to operate the Services (for example, to schedule, snapshot, restore, or migrate a sandbox), to provide support at your request, or where required by law. We do not use Your Content to train machine-learning models.

Sandboxes are ephemeral by default and are destroyed when their time-to-live expires or when you delete them. Managed databases are durable and persist until you delete them; deletion is irreversible and destroys the underlying volume.

If you are in the European Economic Area or the United Kingdom, we process personal data under one or more of the following legal bases: performance of a contract (to provide the Services), legitimate interests (security, fraud prevention, and product improvement), compliance with a legal obligation, and consent (where required, such as for certain analytics cookies).

We do not sell your personal information. We share information only with:

• Subprocessors that help us run the Services, including cloud infrastructure providers (Google Cloud Platform, Amazon Web Services), Stripe (billing), Supabase (authentication and database), Cloudflare (edge and DNS), and PostHog (analytics). Each is bound by contractual confidentiality and data-protection terms.
• Legal and safety recipients, where disclosure is required by law, subpoena, or to protect the rights, property, or safety of PandaStack, our users, or the public.
• Successors, in connection with a merger, acquisition, or sale of assets, subject to this Policy.

We retain account and billing records for as long as your account is active and as required for tax, accounting, and legal purposes. Usage logs and telemetry are retained for a limited period for security and analytics, after which they are deleted or aggregated. Sandbox content is retained only for the lifetime of the sandbox.

Each sandbox runs in a hardware-isolated Firecracker microVM with its own network namespace. Connections to the API and managed databases are encrypted in transit with TLS. We apply access controls, audit logging, and the principle of least privilege internally. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

We use PostHog and strictly necessary cookies to operate the dashboard and analyze aggregate product usage. Cookies are used to keep you signed in and to remember preferences. You can control cookies through your browser settings; disabling some cookies may affect functionality. Where required by law, we request consent before setting non-essential analytics cookies.

Depending on your location, you may have the right to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, contact us at [email protected]. You may also delete most account data directly from the dashboard. If you are in the EEA or UK, you have the right to lodge a complaint with your local data-protection authority.

We operate infrastructure in multiple regions and may transfer and process your information in countries other than your own, including the United States. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses for cross-border transfers.

The Services are not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.

We may update this Privacy Policy from time to time. We will post the revised version with a new “Last updated” date and, for material changes, provide additional notice where appropriate.

Questions about this Policy or your data can be sent to [email protected]. For general support, email [email protected].