Privacy Policy

Jetpacked is operated by the legal entity identified on the Legal page.

Privacy requests can be sent through the contact details listed on the Legal page.

Jetpacked is a platform-as-a-service for deploying applications from GitHub. It analyzes repositories, detects frameworks and services, prepares deployment configuration, creates runtime files, starts containers, manages service credentials, provides logs, and serves projects under Jetpacked or customer domains.

For account and platform operations we act as a controller. For personal data that your deployed application processes about your own users, Jetpacked may act as your processor. In that case, you remain responsible for your own privacy notices and lawful use of the deployed application.

Account data: GitHub profile information such as GitHub ID, name, email address, avatar URL, installation IDs, selected repositories, selected branches, project names, project slugs, legal acceptance records, email verification state, and account session data.

Repository and deployment data: repository metadata, package files, dependency lists, scripts, framework configuration, env examples, deployment settings, generated Docker and compose files, runtime configuration, selected services, custom domains, deployment status, and build/start logs.

Secrets and service credentials: environment variables, generated database passwords, service tokens, GitHub installation tokens, and similar credentials. Secrets are stored encrypted where the application model supports encrypted storage and are used to deploy and operate your projects.

Technical data: IP addresses, request headers, user agents, timestamps, security events, application logs, runtime logs, error traces, and server health information needed to keep the platform available and secure.

Support and feedback data: messages you send us, unsupported-project feedback, contact details you provide, and related troubleshooting context.

We process account, repository, deployment, and project data to provide the service, authenticate you, connect GitHub, deploy projects, operate infrastructure, show logs, and manage your projects. The legal basis is performance of a contract or steps prior to entering into a contract under Art. 6(1)(b) GDPR.

We process technical logs, abuse signals, security events, and operational diagnostics to keep Jetpacked secure and abuse-resistant. The legal basis is our legitimate interest under Art. 6(1)(f) GDPR.

We process invoices, tax records, and legal correspondence where required to comply with law. The legal basis is Art. 6(1)(c) GDPR.

Where we ask for consent, such as for optional communications or optional non-essential services, the legal basis is Art. 6(1)(a) GDPR. You may withdraw consent with effect for the future.

Jetpacked uses GitHub OAuth and GitHub App installation flows to authenticate you and access the repositories you select. Depending on your GitHub installation settings, Jetpacked may receive repository metadata, branch data, installation data, and temporary access tokens required to clone and deploy selected projects.

We do not sell repository data. Repository contents are processed to analyze and deploy your project, troubleshoot deployments, and operate the platform.

Jetpacked analyzes repositories with its deployment engine first. AI is only used for narrow recovery tasks, such as suggesting a missing start command, runtime version, or deployment failure explanation.

For start-command and runtime recovery, AI receives structured metadata such as detected framework, dependency names, root file names, and build scripts. For deployment failure diagnosis, logs are redacted before they are sent for analysis.

Stored environment variables, generated service credentials, tokens, and private configuration are stored encrypted and are not sent to AI providers.

Jetpacked creates and operates containers and supporting services for your projects. Runtime logs may include application output generated by your code. You are responsible for ensuring your application does not log sensitive personal data or secrets unnecessarily.

If your deployed application processes personal data of its own users, you are responsible for the lawful basis, privacy notices, and user requests for that application. Jetpacked provides the infrastructure and may process that data on your behalf as a processor.

Where Jetpacked processes personal data contained in customer applications, databases, logs, backups, or deployment infrastructure on behalf of a customer, Jetpacked acts as a processor under Art. 28 GDPR. In those cases, the customer remains the controller and is responsible for the lawfulness of the processing in their application.

A data processing agreement, also known in German as an Auftragsverarbeitungsvertrag or AVV, may be required before production use. The agreement should describe the subject matter, duration, nature, purpose, categories of data, categories of data subjects, technical and organizational measures, subprocessors, assistance duties, and deletion or return of data after the end of the service.

Jetpacked uses technically necessary cookies and similar storage for login sessions, CSRF protection, security, and basic application state. These are required to provide the service.

Jetpacked uses Google Tag Manager and Google Analytics with Google Consent Mode. Google tags may load before you make a choice, but analytics storage, advertising storage, ad user data, and ad personalization are set to denied by default.

Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Google Analytics uses cookies and similar technologies to help us understand how visitors use the website, compile reports about website activity, and improve Jetpacked.

Until you accept analytics, Google Analytics is configured not to use analytics cookies or browser storage. Depending on Google Consent Mode behavior, Google may still receive limited cookieless pings such as consent state and basic technical signals. If you consent to analytics, additional information about your use of the website may be transmitted to and processed by Google. This may include technical information such as your IP address, browser information, device information, visited pages, referrer URLs, and timestamps. Google may process this information on servers outside the European Economic Area, including in the United States.

The legal basis for optional analytics is your consent under Art. 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG. You may withdraw your consent at any time with effect for the future by reopening the cookie preferences.

More information about Google Analytics and Google privacy practices is available at https://policies.google.com/privacy and https://support.google.com/analytics/answer/6004245.

We may use service providers for infrastructure hosting, database hosting, logging, email delivery, GitHub integration, AI-assisted analysis, backups, and security monitoring. These providers process data only as needed to provide their services to Jetpacked.

Current expected provider categories include GitHub for authentication and repository access, infrastructure providers for servers and storage, logging infrastructure for deployment and runtime logs, and AI providers for limited gap recovery.

Some providers may process data outside the European Economic Area. Where this happens, we rely on an adequacy decision, EU Standard Contractual Clauses, or another lawful transfer mechanism under Chapter V GDPR.

We keep account and project data while your account or project remains active. Deployment logs, runtime logs, and operational diagnostics are retained only as long as needed for troubleshooting, security, and platform operation, unless a longer retention period is legally required.

You may delete projects or request account deletion. Some data may remain in backups, audit logs, invoices, or security records until the applicable retention period expires.

Subject to the GDPR, you may request access, rectification, erasure, restriction, portability, and objection to processing. You may also withdraw consent where processing is based on consent.

You may lodge a complaint with a competent data protection supervisory authority. If you are in Germany, this may be the supervisory authority responsible for your federal state or the state where the controller is established.

For privacy requests, use the contact details listed on the Legal page.