Privacy Policy
Last updated: February 19, 2026
Your code stays on your machine. We don't collect telemetry. We don't store your source code. The only things that touch our servers are subdomain routing data and deploy metadata.
Honest breakdown of every piece of data we touch
| Data | Where it lives | Who can see it |
|---|---|---|
| GitHub username + avatar | Supabase (controller DB) | You + us |
| Project name | Supabase | You + us |
| Subdomain mapping | Cloudflare KV | Cloudflare + us |
| Secure connection URL (temporary) | Supabase | Us (auto-rotated) |
| Encrypted secrets (env vars) | Supabase (AES-256) | You only (decrypted on your machine) |
| Deploy metadata (timestamps, status) | Supabase | You + us |
| Traffic (proxied, not logged) | Cloudflare Worker | Nobody (not stored) |
Things that never leave your machine
- No telemetry or analytics pings. The
bsCLI doesn't phone home. No usage stats, no crash reports, no "anonymous" analytics. - No source code. Your code never touches our servers. It stays on your machine and, optionally, GitHub.
- No application data or databases. The proxy routes HTTP traffic. It doesn't inspect, log, or cache request/response bodies.
- No cookies on this site. This website is static HTML. No tracking scripts, no cookie banners, because there are no cookies.
- No email tracking pixels. If we ever email you, there are no tracking pixels or open-rate analytics.
When someone visits your-app.buildandship.it
The Worker doesn't log request bodies, headers, or visitor IPs. Cloudflare itself may process requests per their infrastructure, but we don't add any additional data collection on top of that.
Everything lives on your machine
All Build & Ship data is stored locally in ~/.buildandship/ on your machine:
- buildandship.db SQLite database with project configs, deploy history, domain mappings
- config.toml Your auth token and preferences
- logs/ Secure connection and webhook agent logs
Run bs uninstall and all of this is wiped clean. Nothing persists after uninstall.
GitHub integration
When you run bs login, we use GitHub OAuth to authenticate you. The OAuth flow requests minimal scopes:
- read:user -- to get your username and avatar
- repo -- to create webhooks for automated deploys
- write:packages -- to push container images to GHCR
Revoke access at any time at github.com/settings/applications.
Secrets encryption
Environment variables are encrypted with AES-256-GCM. The encryption key is derived from a local keyfile stored on your machine. Secrets are decrypted only on the deploy machine at runtime. We never see plaintext values.
Third parties
Services involved in making Build & Ship work:
- Cloudflare -- Workers (proxy), KV (subdomain routing), DNS + TLS for domains
- GitHub -- OAuth authentication, Actions CI/CD, repo API
- cloudflared -- Secure connection client that runs locally on your machine
We don't use any analytics services, advertising platforms, or data brokers. There are no third-party tracking scripts on this site.
You own your data
- Delete everything local: Run
bs uninstall. It removes all local data, daemons, and the binary. - Revoke GitHub access: Remove Build & Ship from your GitHub authorized apps.
- Remove server-side data: Contact us and we'll remove any data associated with your account from our systems.
- Export your data: Everything is in
~/.buildandship/buildandship.db. It's a standard SQLite file you can open with any client.
Policy updates
If we change this policy, we'll update the date at the top. We won't start collecting data silently. Check back occasionally. No email spam about policy updates.
Questions?
Privacy questions, data requests, or anything else: