Data Privacy
PatchCTL is committed to protecting your data.
Data We Collect
From Agents
| Data | Purpose | Retention |
|---|---|---|
| Hostname | Server identification | While active |
| IP address | Network information | While active |
| OS version | Compatibility | While active |
| Hardware specs | Dashboard display | While active |
| Package list | Patch management | While active |
| CVE matches | Vulnerability tracking | While active |
From Dashboard
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account login | While active |
| Name | Display purposes | While active |
| Actions taken | Audit logging | 90 days |
Data We Do NOT Collect
- File contents from your servers
- User data or credentials
- Network traffic or logs
- Application data
- Personal files
- Environment variables with secrets
Data Storage
Location
- Primary: US-based cloud infrastructure
- Backups: Encrypted, geographically distributed
Encryption
- At rest: AES-256 encryption
- In transit: TLS 1.3
Access Controls
- Role-based access control
- Audit logging on data access
- Minimal privilege principle
Data Retention
Active Accounts
- Data retained while subscription active
- Historical data for compliance reports
Deleted Accounts
- Account data deleted within 30 days
- Server data deleted within 30 days
- Backups purged within 90 days
Inactive Servers
- Servers inactive >30 days flagged
- Can be deleted to free node quota
- Historical data available in reports
Your Rights
Data Export
Export your data anytime:
- Go to Settings → Account
- Click Export Data
- Download includes servers, patches, history
Data Deletion
Request complete deletion:
- Delete organization via dashboard
- Or contact [email protected]
Data Correction
Update your information:
- Edit profile in Settings
- Contact support for corrections
Third Parties
Service Providers
We use trusted providers for:
- Supabase - Database and authentication
- Stripe - Payment processing
- Cloudflare - CDN and security
No Data Selling
We do NOT sell your data to third parties. Ever.
Law Enforcement
We only disclose data when legally required and will notify you unless prohibited by law.
Compliance
PatchCTL supports compliance with:
- GDPR (EU data protection)
- CCPA (California privacy)
- SOC 2 (security controls)
Contact
Privacy questions:
- Email: [email protected]
- Include your organization name