Privacy Policy

Last updated: [LAST UPDATED DATE]

This Privacy Policy explains what information Kratys (the "Service") collects, how we use it, and the choices you have. Kratys is a production-readiness and deployment platform for AI-built applications. We are committed to building the Service with privacy principles in mind, including data minimization and encryption of sensitive credentials. We do not claim any formal compliance certification at this time.

1. Information We Collect

  • Account information. Your email address and account identifiers, managed through our identity provider (Clerk).
  • Connected credentials. When you connect GitHub or a cloud provider (such as DigitalOcean), we store the access tokens and credentials needed to provide the Service. Sensitive credentials are stored encrypted.
  • Project and usage data. Information about your projects, deployments, container logs, security and trust scan results, and platform activity.
  • AI cost telemetry. Metadata about AI model usage (such as token counts and cost estimates) used to operate and monitor AI-powered features.
  • Billing information. When billing is active, subscription and payment details are handled by our payment provider (LemonSqueezy). We do not store full payment card numbers.

2. How We Use Information

  • To provide, operate, and maintain the Service.
  • To scan, build, deploy, and monitor your applications when you request it.
  • To process subscriptions and prevent abuse or fraud.
  • To communicate with you about your account and service updates.
  • To improve reliability, performance, and security of the platform.

Before sending content to AI model providers, we apply automated redaction intended to remove common secrets (such as API keys and tokens) from outbound text.

3. Third Parties We Share Data With

We share data with service providers only as needed to operate the Service:

  • Clerk - authentication and account management.
  • LemonSqueezy - subscription billing and payments (merchant of record).
  • DigitalOcean - cloud infrastructure provisioned on your connected account.
  • GitHub - source code access for repositories you connect.
  • Anthropic and Google - AI model providers that power AI features and scans.

We do not sell your personal information.

4. Data Retention

We retain account and project data for as long as your account is active or as needed to provide the Service. You can request deletion of your account data, subject to limited records we may need to keep for legal, security, or accounting purposes.

5. Security

We use technical and organizational measures to protect your data, including encryption of sensitive credentials and access controls. No system can be guaranteed perfectly secure, but we work to protect your information and to limit access to it.

6. Your Rights and Choices

Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to disconnect connected third-party accounts at any time. To exercise these rights, contact us using the details below.

7. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you.

8. Contact

For privacy questions or requests, contact us at [CONTACT EMAIL]. See also our Terms of Service.