Security

• We store account profile data (name, email) and authentication/session data.
• API keys are stored hashed; raw key values are shown only once at creation time.
• Tool usage metadata is stored for quotas, analytics, and account activity.
• Some tool inputs/outputs are stored when needed for product features (for example render history, uptime events, webhook/test logs).
• Passwords are never stored in plaintext.

• Session, usage, analytics, and operational logs are retained to run and secure the service.
• Feature-specific records (for example uptime events and render history) are kept until account deletion, manual cleanup, or policy updates.
• Verification tokens and email onboarding queue records are time-based and operationally cleaned over time.

• You can request access to your account data.
• You can request deletion of your account and associated data.
• Privacy contact: privacy@devrelay.it

• Traffic is served over HTTPS in production via reverse proxy.
• Data is encrypted in transit using TLS.
• Production services run in isolated containers with Postgres-backed persistence.
• Backups and operational recovery procedures are maintained for service continuity.

If you discover a security issue, report it privately at security@devrelay.it. Please include reproduction steps, impact, and any proof-of-concept details.