Effective: 22 May 2026
Privacy Policy
This Privacy Policy explains how IPFSHost collects, uses, and protects personal data when you use ipfshost.io, the dashboard, APIs, and email communications. It applies to account holders and visitors. Deployed site content you publish to IPFS is addressed separately in section 5.
1. Who we are
IPFSHost is operated as a static hosting platform at ipfshost.io. For privacy requests contact privacy@ipfshost.io.
2. Data we collect
Account data: email, password hash, workspace name, optional OAuth profile identifiers, invite/onboarding state, locale preference.
Deploy & usage data: repository metadata, build logs, CIDs, domain names, API key identifiers (not secret values after creation), bandwidth and storage metrics, abuse signals.
Technical data: IP address, user agent, request timestamps, session cookie (dashboard login), localStorage language preference (ipfshost_lang), and anonymized performance metrics (Web Vitals) on public pages.
OAuth: if you sign in with GitHub or Google, we receive profile identifiers and tokens per provider policy — used only to authenticate and connect repositories.
Support & email: messages you send to support, verification and notification emails we deliver.
3. How we use data
Provide and secure the hosting service; authenticate users; run builds and pinning; deliver sites; enforce Acceptable Use; bill paid plans; send transactional email; improve reliability and product experience; comply with law.
We do not sell your personal data. Marketing email, if sent, will include opt-out where required by law.
4. Browser storage
We use a session cookie to keep you signed in to the dashboard (HttpOnly, Secure in production). Language preference is stored in localStorage. The dashboard may store UI choices (e.g. active project) locally for convenience.
You can clear site data in your browser; blocking the session cookie prevents login. Third-party OAuth providers may set their own cookies when you use their login screens.
5. Legal bases (EEA/UK users)
Contract performance (hosting your sites); legitimate interests (security, abuse prevention, aggregated performance analytics); legal obligation; consent where required for optional communications.
6. Public IPFS content
Static files you deploy are stored in content-addressed form and may be requested via public gateways while pinned or cached on the network. Do not deploy personal data you are not authorized to publish. Removing a site from IPFSHost stops our pins and gateway routing; copies on third-party nodes may persist until garbage-collected.
8. Retention
Account data is kept while your account is active and for a limited period after deletion for backups, billing, and legal compliance. Build logs and metrics may be aggregated or anonymized for operations.
9. Your rights
Depending on your location you may have rights to access, correct, delete, restrict, port, or object to processing of your personal data. Contact privacy@ipfshost.io. You may lodge a complaint with your local supervisory authority.
10. Security
We apply industry-standard measures including TLS, access controls, and monitoring. No method of transmission or storage is 100% secure.
11. Children
The service is not directed to children under 16. If you believe we collected data from a child, contact us to delete it.
12. Changes
We may update this policy with a new effective date on this page.