escrowr
Sign in

Privacy Policy

Last updated: January 8, 2026

Escrowr ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service.

Information We Collect

Account Information

  • Email address - For authentication and notifications
  • Name - Optional, for personalization
  • Profile picture - From connected accounts

Connected Service Data

  • GitHub - Username, user ID, and OAuth tokens for repository access
  • CFX Portal - Encrypted forum session cookie for Portal authentication

Resource and Build Data

  • Repository names and identifiers
  • Commit hashes, messages, and author information
  • Build logs and status
  • Bandwidth usage metrics

Source Code

We do not permanently store your source code. Code is temporarily processed in memory to upload to CFX Portal, then immediately discarded. Temporary files are deleted within minutes.

Payment Information

Payments are processed by Stripe. We store only Stripe customer and subscription IDs. We never have access to your full card number.

How We Use Your Information

  • Provide and maintain the service
  • Process builds and upload to CFX Portal on your behalf
  • Send transactional notifications (build status, team invites)
  • Process subscription payments
  • Monitor usage and enforce plan limits
  • Diagnose technical issues and improve the service

Data Sharing

We share data only with services necessary to operate:

  • CFX Portal - Resource uploads using your credentials
  • GitHub - Repository access via OAuth
  • Stripe - Payment processing
  • Trigger.dev - Background job processing
  • Cloudflare R2 - Temporary file storage
  • Vercel - Application hosting
  • Neon - Database hosting
  • Sentry - Error monitoring and crash reporting
  • Resend - Transactional email delivery

We do not sell your personal data to third parties.

Data Security

  • CFX cookies are encrypted with AES-256 at rest
  • All traffic uses HTTPS encryption
  • OAuth tokens are stored securely and refreshed automatically
  • Database access is restricted and encrypted
  • Webhook payloads are signed with HMAC-SHA256

Data Retention

  • Account data - Retained until you delete your account
  • Build logs - Retained for 90 days
  • Usage records - Retained for billing purposes (12 months)
  • Source code - Not retained (processed in memory only)
  • Temporary files - Deleted within 24 hours

Your Rights

You have the right to:

  • Access - Request a copy of your personal data
  • Correction - Update inaccurate information
  • Deletion - Delete your account and associated data
  • Portability - Export your data in a machine-readable format
  • Objection - Object to certain data processing

Exercise these rights via account settings or contact support@escrowr.dev.

Data Location

Our services and data are primarily hosted in the United States. By using Escrowr, you consent to data transfer to the US. We use service providers that comply with applicable data protection standards.

Cookies

We use only essential cookies required for authentication and session management. We do not use advertising or tracking cookies. See our Cookie Policy for details.

Children

Escrowr is not intended for users under 13 years of age. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or prominent notice on the service. Continued use after changes constitutes acceptance.

Contact

For privacy-related questions or to exercise your rights, contact support@escrowr.dev.

← Back to home|Terms of ServiceCookie PolicyAcceptable Use