Privacy Policy

Data: IP address, user agent, request path, timestamp, referrer

Purpose: Site delivery through our reverse-proxy/CDN layer, abuse prevention, rate limiting, and incident investigation

Legal basis: GDPR Art. 6 para. 1 lit. f (legitimate interest)

Retention: Limited to what is needed for operations and security investigations

Data: Email address, password hash, session metadata (IP, user agent), login timestamps

Purpose: Account access, session management, and account security

Legal basis: GDPR Art. 6 para. 1 lit. b (contract) and lit. f (security)

Retention: While the account is active and as required for security/legal defense

Data: Ship metadata (org/repo/domain), execution logs, run/deployment status

Purpose: Creating and operating your repositories, runs, and deployments

Legal basis: GDPR Art. 6 para. 1 lit. b (contract)

Retention: While required to operate the service and support incidents

Data: Tier, provider transaction/order IDs, status, totals, tax values, customer name/email when returned by provider

Purpose: Checkout creation, payment confirmation, refunds, and accounting documentation

Legal basis: GDPR Art. 6 para. 1 lit. b and lit. c

Retention: Up to 10 years where required by tax and commercial law

Data: Visitor email address, submission timestamp, IP address (for rate limiting)

Purpose: Storing waitlist signups on behalf of the ship owner (data controller) who created the landing page

Legal basis: GDPR Art. 6 para. 1 lit. b (contract with the ship owner) and Art. 28 (processing on behalf of a controller)

Retention: While the ship exists; deleted when the ship owner deletes their ship or account

Controller: The ship owner is the data controller for waitlist data. Omaship processes this data under the terms of our Data Processing Agreement.

Data: Email, confirmation token state, optional explanation text, GitHub profile fields when linked

Purpose: Access control for template onboarding and optional follow-up communication

Legal basis: GDPR Art. 6 para. 1 lit. b and lit. a (where consent-based follow-up applies)

Retention: Until deletion request or when no longer needed for onboarding/support

Data: API token name, scopes, expiry, token digest, auth failure/scope denial metadata (request path/method, IP)

Purpose: CLI access control, abuse detection, and security auditing

Legal basis: GDPR Art. 6 para. 1 lit. f (service security)

Retention: While required for security and abuse investigation

Purpose: Reverse proxy, CDN delivery, and edge network security for public Omaship hostnames

Data shared: IP address, request metadata, hostname, browser/TLS metadata, and related security/performance telemetry needed to deliver and protect the service

Cloudflare Privacy Policy

Purpose: Hosted checkout, payment processing, taxes, invoicing, refunds

Data shared: Transaction/customer details required to process and document payments

Paddle Privacy Notice

Purpose: OAuth onboarding and repository/run/deployment operations

Data shared: Account identifiers and repository metadata required for app operation

GitHub Privacy Statement

Purpose: Transactional and onboarding emails

Data shared: Email addresses and delivery metadata

Resend Privacy Policy

Purpose: Optional booking widget on Book a call

Data shared: Data you enter in the Calendly widget and related technical metadata

Calendly Privacy Notice

Purpose: Web font delivery

Data shared: Browser/connection metadata needed to deliver font files