ServerDeck

Privacy Policy

Last updated: April 2025

1. Information We Collect

We collect the following information when you use ServerDeck:

  • Account data: username, email address, and hashed password.
  • Server data: IP addresses, hostnames, SSH credentials (encrypted), and collected system information (OS, RAM, disk, etc.).
  • Usage data: login timestamps, audit logs of actions performed within the platform.
  • Technical data: IP addresses used to access the Service, browser type, and request logs.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service.
  • Authenticate users and secure accounts.
  • Send transactional emails (verification codes, password reset links).
  • Send alert notifications about your servers (if enabled).
  • Maintain audit trails for security and compliance.
  • Diagnose technical problems and prevent abuse.

3. Data Storage and Security

All sensitive data is protected using industry-standard practices:

  • Passwords are hashed using bcrypt and never stored in plaintext.
  • SSH credentials (passwords and private keys) are encrypted at rest using Fernet symmetric encryption.
  • All data is stored in a PostgreSQL database with access restricted to application services.
  • Transport is secured via HTTPS/TLS.

4. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share information with trusted service providers who assist in operating the Service (e.g., email delivery via SMTP), subject to confidentiality obligations. We may disclose information when required by law or to protect the rights, property, or safety of ServerDeck, our users, or the public.

5. Cookies and Local Storage

ServerDeck uses browser local storage to store authentication tokens (JWT). We do not use third-party tracking cookies or advertising cookies. Session data is cleared when you log out.

6. Data Retention

We retain your account data for as long as your account is active. Server information, audit logs, and notifications are retained for operational purposes. You may request deletion of your account and associated data by contacting us.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and data.
  • Withdraw consent for data processing where consent is the legal basis.

To exercise these rights, contact us at [email protected].

8. Third-Party Services

We may use third-party services such as hCaptcha for bot protection. These services have their own privacy policies which govern the use of information they collect. By using the Service, you agree to their respective privacy policies.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting a notice on the Service or by email. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

10. Contact

If you have questions or concerns about this Privacy Policy, please contact us at [email protected].

Terms of Service·Back to sign in