Privacy Policy
Last updated: March 28, 2026
The short version: Azzor collects what's necessary to run your account and environments. We don't sell your data. Ever. We use GitHub for authentication, Stripe for billing, and a hosting provider to run the infrastructure. You can request your data or ask us to delete it at any time.
1. Who We Are
Azzor is operated by Cooper Sellers, a sole proprietor based in Austin, Texas. When we refer to "Azzor," "we," "us," or "our," we mean Cooper Sellers doing business as Azzor.
The Service is the hosted platform available at azzor.com, including the dashboard, REST API, and any managed services we operate.
2. What We Collect
Account & Profile Information
When you sign in with GitHub, we receive and store:
- Your GitHub user ID, username, and display name
- Your primary email address from GitHub
- Your GitHub avatar URL
- An OAuth access token (used to interact with the GitHub API on your behalf)
Usage Data
As you use the Service, we collect data about your activity:
- Environments you create, their configuration, status, and lifecycle events
- Projects and organizations you create or are a member of
- API requests including endpoint, timestamp, response status, and IP address
- Agent jobs dispatched, their commands, output, and duration
- Webhook events received and their processing status
- Dashboard interactions and feature usage patterns (aggregate, not individual keystroke tracking)
Billing Information
If you subscribe to a paid plan, billing is handled by Stripe. We store:
- Your Stripe customer ID and subscription status
- Your chosen plan and billing period
- Payment history and invoice records
We do not store your full credit card number, CVV, or other payment details — those are handled entirely by Stripe.
Technical & Log Data
We collect standard server and application logs, including:
- IP addresses and user agent strings
- Page requests and API calls with timestamps
- Error logs and crash reports
- Environment provisioning logs (build output, deployment steps)
Secrets & Configurations
If you store secrets in Azzor's secrets vault, those values are encrypted at rest with AES-256-GCM. We process them only to inject them into your environments — we do not read or log their plaintext values.
3. How We Use It
| Purpose | Data Used |
|---|---|
| Account management & authentication | GitHub profile info, email, OAuth token |
| Providing the Service (provisioning environments, running jobs) | Project configs, environment specs, secrets |
| Billing & subscription management | Stripe customer ID, plan data, payment history |
| Customer support & troubleshooting | Account info, usage data, error logs |
| Security & fraud prevention | IP addresses, usage patterns, log data |
| Service improvement & analytics | Aggregate usage patterns (not individual tracking) |
| Legal compliance & enforcement | As required by applicable law |
We don't use your data for advertising or sell it to data brokers.
4. Third-Party Services
Running Azzor requires integrating with third-party providers. Here's who we share data with and why:
Stripe (Payment Processing)
We use Stripe to process payments. When you subscribe to a paid plan, Stripe receives your billing details directly. We share your email address and plan information with Stripe to create your customer record. Stripe's privacy policy: stripe.com/privacy.
GitHub (Authentication)
GitHub OAuth powers our authentication flow. We receive your profile information from GitHub as described above. GitHub's privacy policy: GitHub Privacy Statement.
Laravel Forge (Infrastructure Provisioning)
For hosted environments, we use Laravel Forge to provision and manage servers. Forge receives configuration data necessary to create your environments (repository URLs, server specs, deployment scripts). Forge's privacy policy: forge.laravel.com/privacy-policy.
Cloudflare (DNS)
We use Cloudflare to create and manage DNS records for your environments. Cloudflare receives the subdomain names and IP addresses needed to route traffic to your environments. Cloudflare's privacy policy: cloudflare.com/privacypolicy.
Hosting Provider
The Azzor application itself runs on cloud infrastructure. Our hosting provider may process any data that passes through or is stored on the servers they operate.
5. Data Sharing
We do not sell, rent, or trade your personal information to third parties. We share your data only in these circumstances:
- Service providers: As described above, with Stripe, GitHub, Forge, Cloudflare, and our hosting provider — only what's needed to provide the Service.
- Legal requirements: If required by law, court order, or government authority, or to protect the rights, property, or safety of Azzor, our users, or others.
- Business transfers: If Azzor is acquired or merges with another entity, your data may be transferred as part of that transaction. We'll notify affected users before any such transfer occurs and give you an opportunity to export or delete your data.
- With your consent: For any other purpose, only with your explicit consent.
6. Data Retention
We keep your data for as long as your account is active or as needed to provide the Service. Here's what happens to different types of data:
- Active environments: Environment data is deleted when the environment is destroyed. Azzor environments are ephemeral by design.
- Account data: Retained while your account is open. Deleted within 30 days of account closure upon request.
- Billing records: Retained for 7 years as required for tax and accounting compliance, even after account closure.
- Server logs: Retained for up to 90 days for security and debugging purposes.
- Secrets: Deleted when you remove them or when your account is closed.
7. Security
We take security seriously. Our measures include:
- TLS encryption for all data in transit
- AES-256-GCM encryption for secrets at rest
- Hashed passwords (we authenticate via GitHub OAuth — we don't store passwords)
- Access controls limiting which team members can access production data
- Regular security reviews
No system is perfectly secure. If you discover a security vulnerability, please report it responsibly to support@azzor.com rather than disclosing it publicly.
8. Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Ask us to correct inaccurate or incomplete data. (Most profile data is managed through GitHub — update it there first.)
- Deletion: Request that we delete your personal data. We'll comply within 30 days, subject to legal retention obligations (like billing records).
- Export: Request your data in a machine-readable format.
- Restriction: Ask us to limit processing of your data in certain circumstances.
- Objection: Object to processing of your data for specific purposes.
To exercise any of these rights, email us at privacy@azzor.com. We'll respond within 30 days. We may need to verify your identity before processing certain requests.
You can also close your account directly from your account settings, which will initiate deletion of your data.
9. California Residents (CCPA)
If you're a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:
- Right to Know: You can request disclosure of the categories and specific pieces of personal information we've collected about you.
- Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell personal information, so this right does not apply. We will not sell your data.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise your CCPA rights, contact us at privacy@azzor.com or use the account deletion feature in your settings. You may designate an authorized agent to make requests on your behalf.
10. EEA/UK Residents (GDPR)
If you're in the European Economic Area or the United Kingdom, the General Data Protection Regulation (GDPR) or UK GDPR applies to our processing of your personal data.
Legal Bases for Processing
We process your personal data on the following legal bases:
- Contractual necessity: Processing needed to provide the Service you've signed up for (account management, environments, billing).
- Legitimate interests: Processing for security, fraud prevention, and service improvement, where our interests don't override your rights.
- Legal obligation: Where required by applicable law (e.g., retaining billing records).
- Consent: Where we ask for and receive your consent (e.g., optional analytics).
Data Transfers
Azzor is operated from the United States. If you're outside the US, your data is transferred to and processed in the US. We implement appropriate safeguards for international transfers as required under applicable law.
Your GDPR Rights
In addition to the rights listed in Section 8, you have the right to lodge a complaint with your local data protection authority if you believe we've violated your data protection rights.
Contact us at privacy@azzor.com for any GDPR-related requests.
11. Children's Privacy
Azzor is not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe we've inadvertently collected data from a minor, please contact us at privacy@azzor.com and we'll delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top. For material changes — particularly those that affect how we use your data in new ways — we'll notify you by email before the changes take effect.
Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
13. Contact Us
Privacy questions, data requests, or concerns? We'd rather hear from you than have you wonder.
Email: privacy@azzor.com
General support: support@azzor.com
Azzor is operated by Cooper Sellers, Austin, Texas, USA.