SpacePods← Back

Privacy Policy

Last updated: 24 February 2026

This Privacy Policy explains how SpacePods ("we", "us", "our") collects, uses, and protects your personal data when you use our platform.

1. Data We Collect

Account Data

  • Email address — provided during signup or via Google OAuth
  • Display name — optional, set during onboarding
  • Authentication tokens — managed by Supabase Auth (we do not store passwords in plaintext)

Pod Configuration Data

  • Bot names, agent types, and configuration settings
  • Policy rules (allowed domains, tool permissions, rate limits)
  • HITL channel preferences and contact information

Encrypted Secrets

  • API keys and credentials you provide for your bots are encrypted at rest using per-user encryption keys
  • We cannot read your stored secrets — they are decrypted only within your isolated pod at runtime

Audit and Usage Data

  • Bot action logs (what your bot did, when, and whether it was approved)
  • HITL request and response records
  • Chat messages between you and your bot
  • General usage analytics (page views, feature usage)

2. How We Use Your Data

  • To provide and operate the Service (running your pods, enforcing policies, delivering HITL notifications)
  • To authenticate you and manage your account
  • To display audit logs and activity history
  • To process payments and manage subscriptions
  • To send transactional emails (account confirmations, HITL alerts)
  • To improve the Service based on aggregated, anonymised usage patterns

3. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase — authentication, database, and file storage
  • Fly.io — pod infrastructure (isolated container hosting)
  • LemonSqueezy — payment processing and subscription management
  • Google — OAuth authentication (if you sign in with Google)

Each of these services has its own privacy policy. We only share the minimum data necessary for each service to function.

4. Data Storage and Security

  • Database — Supabase Postgres with row-level security (RLS) policies ensuring users can only access their own data
  • Secrets — encrypted at rest in a dedicated secrets vault; decrypted only within your pod's isolated runtime
  • Pod isolation — each bot runs in its own Fly.io machine with hardware-level isolation; pods cannot access other users' data
  • Transport — all connections use TLS/HTTPS encryption

5. Data Retention

  • Audit logs — retained according to your plan tier: 7 days (trial), 30 days (Pro), unlimited (Pro+)
  • Account data — retained for the lifetime of your account
  • After deletion — all data is permanently deleted within 30 days of account deletion

6. Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — update or correct inaccurate data via your account settings
  • Deletion — delete your account and all associated data at any time
  • Portability — request an export of your data in a machine-readable format
  • Objection — object to processing of your data for specific purposes

To exercise these rights, contact us at privacy@spacepods.io.

7. Cookies

We use only functional cookies necessary for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top reflects when the policy was last revised.

10. Contact

If you have questions about this Privacy Policy, contact us at privacy@spacepods.io.