ApyrunGet Started

Privacy Policy

Last updated: December 18, 2025

TL;DR

  • We only use technical cookies for authentication – no tracking, no marketing cookies
  • We collect your email, username, scripts, and encrypted secrets to provide the service
  • We never sell your data – never have, never will
  • You can export or delete your data anytime from Account settings
  • Third parties: Stripe (payments), OAuth providers (login) – that's it

At Apyrun, we are committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we handle it. For details on how your scripts and data are stored, see our Data Policy. For security practices, see our Security page.

Data Controller

The controller responsible for data processing on this website is:

Apyrun
Tom Neubert
Stresemannstraße 23
10963 Berlin, Germany
Email: privacy@apyrun.io

Based on the scope of our data processing activities, the designation of a Data Protection Officer is not required. For data protection inquiries, please contact us at the email above.

What We Collect

Account Information

  • Email address – for authentication and important notifications
  • Username – to identify your account and containers
  • Payment information – processed securely by Stripe (we never see your card details)

Service Data

  • Scripts – the Python code you create and deploy
  • Secrets – API keys and credentials you store (encrypted at rest)
  • Execution logs – retained for a limited period, then automatically deleted
  • Usage metrics – CPU and memory usage for your dashboard

Technical Data

  • Authentication cookies – session management only, no tracking

How We Use Your Data & Legal Basis

Under GDPR Article 6, we process your data based on the following legal grounds:

  • Contract performance (Art. 6(1)(b)) – Provide, operate, and maintain the Service; execute your scripts; process payments
  • Legitimate interests (Art. 6(1)(f)) – Improve the platform based on aggregate usage patterns; ensure security and prevent abuse
  • Legal obligation (Art. 6(1)(c)) – Retain billing records as required by tax and commercial law

Third-Party Services & International Transfers

We share data only with services essential to operate the platform:

Infrastructure (EU)

  • Hetzner Online GmbH (Germany) – server hosting, no data transfer outside EU

Service Providers (US)

The following US-based providers may process data outside the EU. Transfers are protected by the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs):

  • Stripe, Inc. – payment processing (EU-US Data Privacy Framework certified)
  • Google LLC – OAuth authentication (EU-US Data Privacy Framework certified)
  • Resend, Inc. – transactional emails (Standard Contractual Clauses)

Analytics (EU)

  • Pirsch Analytics (Germany) – privacy-focused, cookie-free website analytics

We do not sell, rent, or share your data with advertisers or data brokers.

A Data Processing Agreement (DPA) is available upon request for business customers who process personal data through our service. Contact privacy@apyrun.io.

Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15) – view all your data in Account settings
  • Right to data portability (Art. 20) – download your data as JSON anytime
  • Right to erasure (Art. 17) – permanently delete your account and all data
  • Right to rectification (Art. 16) – update your information in settings
  • Right to restriction (Art. 18) – request limitation of processing
  • Right to object (Art. 21) – object to processing based on legitimate interests

Most controls are available directly in your Account settings. For other requests, contact privacy@apyrun.io.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The competent authority for our business is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin, Germany
www.datenschutz-berlin.de

Data Retention

  • Account data – kept until you delete your account
  • Scripts and secrets – kept until you delete them or your account
  • Execution logs – automatically deleted after a short retention period
  • Billing records – retained for 10 years as required by German tax and commercial law (§ 147 AO, § 257 HGB)

Children's Privacy

We do not knowingly collect information from children under 16. If you believe a child has provided us with personal information, please contact us immediately.

Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email. The latest version will always be available on this page.

Contact

Questions about this policy? Contact us at privacy@apyrun.io