Privacy Policy
Last updated: January 13, 2026
This Privacy Policy explains how FreeBraavos LTD ("AppDeploy", "we", "us") collects, uses, and shares information when you use:
- our website and landing page (the "Website"), and
- our integrations, connectors, and APIs for third-party AI platforms and agent clients (the "Integrations"), which let you deploy apps from within your AI platform or agent client of choice.
Third-party AI platforms and agent clients (each, a "Third-Party Platform") are separate services. Their privacy practices are governed by their own policies and terms.
Data minimization: We collect only the information necessary to provide the deployment service. We do not collect data "just in case" or for purposes unrelated to operating AppDeploy.
1) Information we collect
A. Identifiers and account info
- User identifier: when you use the Integrations, we receive an identifier used to associate deployments with your account (e.g., a guest identifier or an authenticated user ID).
- Social sign-in (optional): if you choose to sign in via Google or Apple on our sign-in page, we receive a Firebase-issued identity token and derive a stable user ID. Your email address may be present in the token; we do not require it to provide the core service.
B. Content you submit for deployment
- Project files you provide (source code, configuration files like package.json, and any static assets).
- Project metadata such as app name/type, description, and deployment identifiers.
- Build and deploy logs generated during deployment, including error details if deployment fails.
Important: Do not submit secrets (API keys, passwords, private tokens), payment card data, government IDs, or other sensitive information in your project files or messages. We do not intentionally collect or require this information. If we detect such data in submitted content or logs, we take steps to limit exposure (for example, redaction and deletion where feasible).
C. Usage and technical data
- Request metadata (e.g., request IDs, timestamps, and session identifiers) and basic logs needed to operate, secure, and debug the service.
- Device/browser data for the Website (e.g., standard HTTP logs, approximate location derived from IP at the infrastructure layer, and diagnostic information).
We do not request or collect your precise device location. Any geographic information is limited to standard IP-based inference at the infrastructure level for security and compliance purposes.
Cookies and analytics: The Website does not use third-party analytics or advertising cookies. We may use essential cookies or local storage for basic functionality (such as authentication state). We do not engage in cross-site tracking.
D. Communications
If you contact support, we collect the information you provide (such as your email address, message content, and any attachments).
E. What we do not collect
The Integrations receive only the specific project files, configuration, and metadata you (or your AI platform/agent client) explicitly submit for deployment. We do not pull your conversation history from Third-Party Platforms. We process only the inputs sent to us through the integration for deployment purposes and do not attempt to reconstruct your broader chat context.
2) How we use information
- Provide the service: create deployments, host your app, and show deployment status and URLs.
- Authenticate and prevent abuse: secure the Service, validate requests, and detect fraud or misuse.
- Troubleshoot and improve: diagnose failures, improve reliability, and enhance product experience.
- Communicate with you: respond to support requests and send service-related notices.
- Comply with law: enforce our Terms, comply with legal obligations, and protect rights and safety.
Lawful bases (EEA/UK)
- Contract: to provide deployments, hosting, and related services you request.
- Legitimate interests: to secure the Service, prevent abuse, and improve reliability.
- Legal obligations: to comply with applicable laws and lawful requests.
- Consent: for optional features where we ask for it (you can withdraw at any time).
Response data: Tool responses are limited to what is necessary to complete your request (deployment status, URLs, and relevant error messages). We do not include internal identifiers or diagnostic metadata such as session IDs, trace IDs, request IDs, or detailed timestamps in tool responses unless strictly necessary to fulfill your request.
No profiling: We do not engage in behavioral profiling, cross-site tracking, or build advertising profiles based on your usage of AppDeploy.
If you choose not to provide data: Certain information is required to provide the full scope of the service (for example, the ability to let you control your deployed apps from any platform). If you do not provide the required information, we may not be able to offer such features.
3) How we share information
We may share information with:
- Infrastructure providers: we use AWS services (including compute, storage, database, and CDN) to deploy and host apps.
- Authentication providers: if you choose Google/Apple sign-in, we use Firebase Authentication to help authenticate you.
- Package registries and build dependencies: during deployment, build tools may download dependencies from public package registries (e.g., npm) based on your project’s configuration.
- Professional advisors: legal, security, and compliance advisors as needed.
- Legal and safety: to comply with law or protect FreeBraavos LTD, our users, or others.
- Third-Party Platforms and agent clients: When you use the Integrations, we send responses (for example deployment status, logs, and URLs) back to the Third-Party Platform or agent client you are using so it can display them to you. That platform may process those responses under its own terms and privacy policy.
Subprocessors: Our primary subprocessors include AWS (hosting, storage, database, CDN) and Firebase Authentication (sign-in). A current list is available at appdeploy.ai/subprocessors.
International transfers: We process and store data in the United States (us-east-1). Where data is transferred from the EEA, we rely on the European Commission's Standard Contractual Clauses (SCCs) or other valid transfer mechanisms. Where data is transferred from the UK, we rely on the UK IDTA or the UK Addendum to the EU SCCs, as applicable, or other valid transfer mechanisms. You may request more information about the safeguards we use by contacting support@appdeploy.ai.
Data Processing Agreement: A DPA is available at appdeploy.ai/dpa or on request.
We do not sell your personal information.
4) Public deployments
Controller and processor roles: Depending on how you use AppDeploy, FreeBraavos LTD may act as (a) a data controller for account, billing (if applicable), security, and service operations, and (b) a data processor when hosting and processing data on your behalf in connection with deployed apps. Where we act as a processor, our processing is governed by our DPA.
Apps you deploy are hosted at a public URL and may be accessible to anyone who has the link (or to the public, depending on how you share it). You are responsible for the content you deploy and for ensuring it does not contain sensitive data.
Data processed when your deployed app is used: When you deploy an app through AppDeploy, we host and serve it. As part of providing hosting, we may process technical data from requests to your deployed app (such as IP address, request headers, and server logs) for security, abuse prevention, and reliability. AppDeploy acts as a hosting provider; you (the deployer) determine what your app collects from its visitors and are responsible for providing appropriate notices and obtaining required consents for your deployed app.
Primary region: United States (us-east-1). CDN/edge delivery: may involve global edge locations for content delivery.
5) Data retention
We retain data for varying periods depending on the type:
- Deployment content: retained while your deployment is active, and deleted upon request.
- Build logs: retained for up to 30 days for debugging purposes.
- Security and access logs: retained for up to 90 days for security and compliance.
- Authentication data: OAuth authorization codes expire after 10 minutes; access tokens expire after 1 hour; refresh tokens expire after 30 days.
- Operational metadata and events: retained while your deployment is active and deleted upon request, subject to legal obligations.
- Backups: retained for up to 30 days after deletion for disaster recovery.
Deletion requests remove data from primary systems; backups are overwritten on a rolling basis within 30 days.
6) Security
We use reasonable administrative, technical, and organizational safeguards designed to protect information. No method of transmission or storage is 100% secure.
We take steps to reduce sensitive data in logs (for example, redacting obvious secrets and personal data where feasible) and we avoid storing unnecessary message content.
7) Your choices and rights
- Disconnecting from Third-Party Platforms: you can disconnect or remove AppDeploy from your AI platform or agent client at any time through that platform's settings (for example, connected apps/connectors settings, or an MCP configuration). After you disconnect, we will no longer receive new data from that platform for your account unless you reconnect. Disconnecting does not automatically delete existing deployments or data already stored; you can request deletion as described below. Steps vary by platform and may change over time.
- Deletion requests: you can request deletion of your deployments and associated data by contacting us.
- Access and correction: you may request access to or correction of certain information we hold about you.
EEA/UK rights
- Access, rectification, deletion, restriction, portability, and objection.
- Withdraw consent at any time for processing based on consent.
How to make a request
Email support@appdeploy.ai with the subject line "Privacy Request" and include your request details. We may verify your identity before fulfilling a request. We respond within 30 days, and may extend that timeline where permitted by law with notice.
If you are located in the EEA/UK, you also have the right to lodge a complaint with your local supervisory authority.
DPO and EU/UK representative
We do not currently have a designated Data Protection Officer. We will appoint an EU/UK representative as required and update this policy with their contact details.
We may need to verify your request before fulfilling it.
8) Children’s privacy
The service is not directed to children under 13, and we do not knowingly collect personal information from children under 13.
9) Changes to this policy
We may update this Privacy Policy from time to time. We will update the "Last updated" date above and, if changes are material, provide additional notice.
10) Contact
FreeBraavos LTD, Menakhem Begin Rd 121, Tel Aviv-Yafo, Azrieli Sarona Tower, Israel.
Questions or privacy requests? Email support@appdeploy.ai.