1. What we collect
Account information. When you sign up we collect your email address, your name (optional), the IP address the request came from, and authentication metadata (timestamps, MFA factors, browser user-agent). This is what we need to give you an account, send you confirmation and notification email, and produce a useful audit trail for your own organization.
Product telemetry. The control plane stores the data your team actively generates: registered runners and their metadata (hostname, version, last-seen), action packs your runners advertise, runs your operators or LLM agents trigger, approvals, policy decisions, and the resulting audit events. These records are your data — we treat them as confidential.
Billing information. Paid plans are processed via Paddle. We never see or store your full card number; Paddle gives us back a customer identifier, the last four digits, and the card brand. Your billing email and address sit in Paddle.
Marketing list. If you sign up for product updates from a form on our marketing site, we store the email address you enter and which page you submitted it from — nothing more. We use it only to email you about emisar product news; we do not sell it, share it, or use it to train AI models, and you can ask us to remove you any time at support@emisar.dev.
2. How we use it
We use this data for one thing: to provide the emisar service to you. That means authenticating you, routing actions to your runners, enforcing your policies, sending operational email (confirmation, magic-link sign-in, approval notifications), and producing invoices.
We do not sell your data. We do not share it with advertisers. We do not enrich it with third-party data brokers.
We do not use your data to train AI models. Not ours, not anyone else's. The audit events your team generates are not a training corpus and we will not turn them into one.
3. Where it lives
Production data is processed and stored on Google Cloud in the United States, including a private managed PostgreSQL database. Connections between your browser, your runners, the control plane, and the database are encrypted in transit with TLS 1.2 or higher (TLS 1.3 where the client supports it). Compute storage, database storage, and backups use provider-managed encryption at rest.
4. Subprocessors
We rely on a small number of vendors to operate the service. Each one is contractually bound to confidentiality and to processing data only on our instructions.
- Paddle — payment processing and subscription retention (Paddle Retain, checkout page only).
- Postmark — transactional email (sign-up confirmation, magic links, approval notifications).
- Google Cloud Platform — application hosting, networking, managed PostgreSQL, and backups in the United States.
- Mixpanel — product & usage analytics (which features are used, and how people reach us). Server-side; we send product-interaction events, never your runners' data or the contents of actions.
We will update this list before adding new subprocessors. If you are on a paid plan and want notification before changes take effect, email support@emisar.dev and we will add you to the list.
5. Your rights
You can export your data at any time. Audit events stream out of the /api/audit
endpoint as NDJSON for any SIEM that speaks HTTP, using any read-only audit API key. For a
full account snapshot (audit + packs + configuration), email
support@emisar.dev
and we'll generate it for you. We're working on a one-click export in the dashboard.
You can delete your account at any time. Email support@emisar.dev and deletion removes your data from the primary database within 24 hours and from encrypted backups within 30 days (after which the backups themselves expire). Ask for a deletion certificate or a copy of the data first if you need one.
If you are in the EU, UK, or California you have additional rights under GDPR and CCPA respectively — access, rectification, portability, restriction. Email us and we will honor them.
6. Retention
Audit events and run history are retained according to your plan:
- Free — 7 days of audit history.
- Team — 90 days of audit history.
- Enterprise — 365 days of audit history.
Account metadata (your email, your organization name, your billing record) persists for the life of the account. After account deletion, we retain only what we are legally required to retain (e.g., tax records for invoices) for the minimum statutory period.
Marketing emails are kept until you ask to be removed, then deleted within 30 days.
7. Cookies & analytics
We use a small set of strictly-functional, first-party cookies — and nothing else. A signed, HTTP-only session cookie keeps you signed in and carries the CSRF token protecting your forms. A signed recent-teams cookie remembers which teams this browser has signed into, so the sign-on page can offer them as one-click buttons. And while you complete a passwordless sign-in, a short-lived signed cookie ties the emailed code to this browser. No advertising cookies and no analytics cookies. And aside from the Paddle checkout page — which loads Paddle's own payment and retention scripts (Paddle.js and Paddle Retain) that may set their own cookies — no third-party tracker or analytics script runs in your browser.
To understand which features get used and how people find us, we record a small set of marketing and account events — pageviews, sign-ups, sign-ins, and plan changes — in Mixpanel, a product-analytics service, server-side. We never send the contents of your runs, action arguments, or audit records. We count anonymous visitors without a cookie: a salted hash of your IP address and browser that rotates every week, so it can't follow you over time or identify you. Once you sign in, your activity is tied to your account.
8. Contact
emisar is operated by Andrii Dryga, the data controller for the records described in this policy. Questions, requests, or concerns: support@emisar.dev. For security issues specifically: security@emisar.dev.