Podflare

Privacy Policy

Effective 2026-04-19

Podflare ("we", "us") provides a cloud sandbox service for AI agents and their developers. This policy explains what information we collect, why we collect it, and how we use and share it. It applies to every user of podflare.ai and the Podflare APIs and SDKs.

Information we collect

Account information

When you sign up we collect your name, email address, and organization name through our identity provider. We use this to authenticate you, scope billing and resources to your workspace, and send service-related communication.

Usage information

We record lifecycle events for every sandbox: when it was created, which template it used, how long it ran, how many executions it served, and how many bytes were transferred. This data powers the usage dashboard and is the basis of billing.

Content you send to the API

Code you execute, files you upload, and data your sandbox produces are processed only for the purpose of serving your API request. We do not inspect, index, log the contents of, or train models on this data. Sandbox memory is isolated per instance; other customers cannot observe your workloads.

Operational logs

Our servers record request metadata — timestamps, source IP address, user agent, HTTP status, and latency — for security, abuse prevention, and performance monitoring. These logs are retained for 30 days and then deleted.

How we use your information

  • Provide, operate, and improve the service.
  • Authenticate requests and enforce access controls.
  • Measure usage for billing and capacity planning.
  • Detect and respond to abuse, fraud, and security incidents.
  • Communicate with you about updates and incidents.

Sharing and disclosure

We do not sell personal information. We share information only with service providers who help us operate Podflare — identity, database hosting, edge networking, and compute infrastructure — and only under written data-processing agreements that require them to keep the data confidential. We may disclose information to comply with a valid legal process, protect the rights or safety of users, or investigate policy violations.

Security

Each customer sandbox runs inside a hardware-isolated virtual machine with its own kernel and memory boundary, on a host that is not shared with other tenants' untrusted code. Network egress from sandboxes is disabled by default. API keys are stored as SHA-256 hashes; we never log the plaintext key. All traffic between your client, Podflare, and our database is encrypted in transit.

Data retention

Account information is retained while your account is active and for up to 30 days after deletion, then purged. Sandbox contents are destroyed when you close the sandbox or after 24 hours of inactivity, whichever comes first. Aggregated usage metrics are retained for 12 months to support billing reconciliation.

Your rights

You can access, correct, export, or delete the personal information we hold about you from your workspace settings or by emailing privacy@podflare.ai. Depending on where you live, you may have additional rights under GDPR, the UK GDPR, CCPA, or other privacy laws; we honor those rights.

International transfers

Podflare is operated from the European Union. If you access the service from outside the EU, your information may be transferred to, stored, and processed in a country with different data protection laws. We take steps to ensure these transfers comply with applicable law.

Children's privacy

Podflare is not directed to children under 16 and we do not knowingly collect their information.

Changes to this policy

We may update this policy from time to time. Material changes will be announced by email and posted on this page with a new effective date at least 14 days before taking effect.

Contact

Questions, concerns, or data-subject requests: privacy@podflare.ai.

Privacy Policy — Podflare