Privacy Policy
Last updated: May 26, 2026
1. Introduction
TITAN Platform ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
2. Data We Collect
2.1 Information You Provide
- Account Data: Name, email address, password (hashed with Argon2id)
- Billing Data: Name, email, and subscription status. Payment card details are collected and processed by Dodo Payments (our Merchant of Record). We do not store full card numbers on our servers.
- Server Data: SSH connection details, server labels, IP addresses
- Project Data: Repository URLs, environment variables (encrypted with AES-256-GCM)
2.2 Information Collected Automatically
- Usage Data: Deployment history, API calls, feature usage
- Device Data: Browser type, operating system, device identifiers
- Log Data: IP address, access timestamps, request paths
- Performance Data: Response times, error rates (anonymized)
3. How We Use Your Data
- To provide and maintain the Service
- To process transactions and manage billing
- To send notifications about deployments and server status
- To detect, prevent, and address security threats
- To improve our Service through anonymized analytics
- To comply with legal obligations
4. Data Security
We implement robust security measures to protect your data:
- Encryption at Rest: AES-256-GCM for sensitive data (secrets, environment variables)
- Encryption in Transit: TLS 1.3 for all communications
- Password Security: Argon2id hashing (no reversible storage)
- Post-Quantum Readiness: Kyber-768 (ML-KEM) key encapsulation for future-proof security
- Access Control: Role-based access, JWT with short expiry, API key scoping
- Audit Trail: Immutable WORM logs for all data access (SOC 2 compliant)
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| Deployment logs | 90 days |
| Audit logs | 7 years (regulatory requirement) |
| Billing records | 7 years (tax requirement) |
| Analytics (anonymized) | 2 years |
6. Data Sharing
We do not sell your personal data. We share data only with:
- Dodo Payments: Subscription billing, tax calculation, and invoicing as Merchant of Record (PCI-compliant hosted checkout)
- Cloudflare: CDN, DDoS protection, and DNS (when you use our public domains)
- Infrastructure Providers: VPS hosting for platform services (data processing agreements in place)
- Legal Authorities: When required by law or valid legal process
7. Your Rights (GDPR / CCPA)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate personal data
- Erasure: Request deletion of your data ("Right to be Forgotten")
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time
To exercise these rights, contact [email protected]. We respond within 30 days.
8. International Transfers
Data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards (Standard Contractual Clauses) are in place for cross-border transfers.
9. Children's Privacy
Our Service is not directed to individuals under 18. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete it immediately.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice. The "Last Updated" date reflects the most recent revision.
11. Data Protection Officer
For privacy inquiries or concerns:
Email: [email protected]
Response time: Within 72 hours