Privacy Policy & Regulations

Last updated: 14 May 2026


Introduction

Welcome to Deployer, a software provisioning and deployment platform developed and operated by Michał Wołodkiewicz Quipu. This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our services.

We are committed to protecting your privacy and handling your personal data in full compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable national data protection laws. This policy applies to all users accessing our services from the European Economic Area (EEA).

Data Controller:
Michał Wołodkiewicz Quipu
michal@quipu.software

We collect only the personal data necessary to provide and improve our service — account information for authentication, technical configuration data provided during server provisioning (retained only for the duration of each task), and anonymised usage statistics. We do not sell your personal data to third parties under any circumstances.

This policy outlines your rights under GDPR and explains how you can exercise full control over your data. Please read each section carefully.

What Data We Collect

We apply the principle of data minimisation — we collect only what is strictly necessary to operate the service. The following table describes each category of data we collect, its purpose, and how it is handled.

Email address
Collected at registration and used exclusively for authentication. Your email is managed by our identity system and is never shared with analytics or any other subsystem. We do not use it for marketing communications.
IP address
Recorded transiently per request for rate limiting purposes only — to protect the service from abuse and ensure fair use. IP addresses are not stored beyond the immediate request processing and are not used for tracking or profiling.
Usage analytics
Anonymised data about page views and navigation flows, collected through our analytics platform. Analytics data contains no personal identifiers and cannot be linked to your account or email address. We track which pages are visited and how users navigate the application in order to improve the service.
Provisioning configuration data
When you provision software on your server, you provide technical configuration data including: server IP address, SSH port, SSH credentials (username, password or private key), domain name, and SSL certificate material. Depending on the software being installed, this may also include application-specific configuration such as database credentials or administrator details (e.g. first name, last name, and admin email for a Prestashop installation). This data is processed exclusively to carry out the provisioning task on your behalf. It is stored encrypted at rest and is permanently anonymised — overwritten with random values — immediately upon task completion or failure. It is never used for any purpose other than performing the requested installation.

We do not collect payment information, precise location data, or any special categories of personal data as defined under GDPR Article 9. Any personal details provided as part of application configuration (such as an administrator name or email) are processed transiently and anonymised after provisioning ends.

Legal Basis for Processing

Under GDPR Article 6, every processing activity must have a lawful basis. The table below states the legal ground for each category of data we process.

How We Use Your Data

We use personal data only for the specific purposes for which it was collected. The following describes exactly how each category of data is used.

Email address
Used for two account management purposes, both handled by our identity management system: verifying your email address at registration, and sending password reset instructions when requested. We do not send marketing emails, newsletters, or any other unsolicited communications.
IP address
Used exclusively to apply per-request rate limiting, protecting the service from abuse and ensuring fair access for all users. Your IP address is evaluated in memory during request processing and is not written to any persistent storage or used for any other purpose.
Provisioning configuration data
Used solely to connect to your server and carry out the software installation you have requested. This data is never shared, analysed, or processed beyond the scope of the task. Once the task completes or fails, all configuration data is anonymised and can no longer be attributed to you or your server.
Usage analytics
Used to understand how the application is navigated, identify areas for improvement, and monitor overall usage patterns. Because this data is fully anonymised before collection, it cannot be attributed to any individual user and is used purely at an aggregate level to guide product decisions.

We never use your data for advertising, behavioural profiling, or automated decision-making. We never sell your data or share it with third parties for their own commercial purposes.

Third Parties & Subprocessors

We share personal data only with subprocessors who are necessary to operate the service. All subprocessors are bound by a Data Processing Agreement (DPA) in accordance with GDPR Article 28 and are required to process data solely on our documented instructions.

Cookies

We use the minimum number of cookies necessary to operate the service. We do not use any cookies for tracking, profiling, advertising, or behavioural analytics.

No cookies are set on the application domain itself. Our analytics platform operates in cookieless mode and stores no information in your browser. The cookies listed below are set exclusively by our identity management system on its own separate domain during the authentication flow.

Under the ePrivacy Directive (Article 5(3)), strictly necessary cookies do not require user consent because they are essential for delivering the service you have requested. For this reason, we do not display a cookie consent banner. We additionally honour your browser's Do Not Track (DNT) setting — if DNT is enabled, no analytics data is collected regardless of the cookieless configuration.

Data Retention

In accordance with the storage limitation principle (GDPR Article 5(1)(e)), we retain personal data only for as long as necessary to fulfil the purposes for which it was collected. The following table sets out the retention period for each category of data.

Email address
Retained for as long as your account is active. When you delete your account, your email address is removed immediately — there is no grace period.
IP address
Not retained. IP addresses are evaluated in memory during request processing for rate limiting and are not written to any persistent storage.
Provisioning credentials & configuration
Retained only for the duration of the provisioning task. Immediately after the task completes or fails, all credentials and configuration values (SSH credentials, passwords, keys, SSL material, and any administrator details) are overwritten with random values and can no longer be attributed to you or your server.
Provisioning task history
Task metadata (task type, status, timestamps) is retained indefinitely so that you can review your past activity. Upon account deletion, the link between this historical data and your account is severed, after which the records can no longer be attributed to any individual and cease to be personal data under GDPR Recital 26.
Usage analytics
Anonymised analytics data is automatically deleted after 180 days. As this data does not constitute personal data, this period reflects our operational policy rather than a GDPR requirement.
Authentication cookies
Set by our identity management system and persist only for the duration of your authentication session. They expire automatically when you sign out or when the session times out.

Database backups are retained for a maximum of 14 days. This means that for up to 14 days after data is deleted or anonymised, a copy may still exist in our backup archives. Backups are never restored to undo a user's deletion request and are themselves overwritten on the same 14-day rolling cycle.

Data Security

In accordance with GDPR Article 32, we implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. The measures we have in place are described below.

Encryption in transit
All communication between your browser and our services is served exclusively over HTTPS (TLS). Plain HTTP requests are automatically redirected to HTTPS. The same applies to our identity management and analytics endpoints.
Field-level encryption at rest
Sensitive fields in our database — including any provisioning credentials retained during a task — are encrypted using AES with a secret key held only on our application servers. This means that even with direct read access to the database, sensitive data cannot be recovered without the encryption key.
Physical security
Our production servers are hosted in professional data centres operated by our hosting subprocessor in Poland, with controlled physical access. While the underlying storage is not encrypted at the disk level, sensitive personal data is protected by the field-level AES encryption described above, which remains effective regardless of physical access to the disk.
Connection to your servers
When we connect to your server to perform a provisioning task, the connection uses the SSH protocol, which provides strong end-to-end encryption by design.
Access control
Administrative access to production systems is restricted to the data controller alone. Multi-factor authentication (MFA) is enabled on every administrative panel, including hosting, database, identity management, and analytics interfaces.
Backup security
Our hosting provider does not currently offer disk-level encryption for backup storage. To compensate, sensitive fields remain encrypted with AES even within backup files, so credentials and other sensitive data cannot be recovered from a backup alone. Backups are retained for a maximum of 14 days on a rolling cycle.
Breach notification
In the event of a personal data breach, we will notify the Polish supervisory authority (UODO) within 72 hours of becoming aware of it, as required by GDPR Article 33. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, as required by Article 34.

No security measure is absolute. While we apply the safeguards described above and continuously work to improve them, the transmission and storage of data over the internet cannot be guaranteed to be 100% secure. We are committed to keeping our security posture under review and to adopting stronger measures as our service evolves.

Right of Access

Under GDPR Article 15, you have the right to obtain confirmation as to whether we process personal data about you and, if so, to access that data and receive information about how it is being processed.

Self-service access
Most of the personal data we hold about you is directly visible within the application. You can view your email address in your account settings and your provisioning task history on the main dashboard at any time.
Formal access request
To obtain a formal copy of all personal data we hold about you, together with information on its sources, processing purposes, recipients, and retention periods, send a written request to michal@quipu.software from the email address associated with your account.
Response time
We will respond to your request within one month of receipt, in accordance with GDPR Article 12(3). For particularly complex or numerous requests, this period may be extended by up to two additional months — if so, we will inform you of the extension and the reasons for it within the original one-month window.
Identity verification
To protect your personal data from unauthorised access, we may need to verify your identity before fulfilling a request. This typically means confirming that the request was sent from the email address associated with your account. We will only request additional verification if we have reasonable doubts about your identity.
Cost
Exercising your right of access is free of charge. In line with GDPR Article 12(5), we may charge a reasonable fee or refuse to act only where requests are manifestly unfounded, excessive, or repetitive.

Right to Withdraw Consent

Under GDPR Article 7(3), where processing is based on consent you have the right to withdraw that consent at any time, and withdrawal must be as straightforward as giving it. The lawfulness of processing carried out before withdrawal is not affected.

Our current position
We do not currently rely on consent as a legal basis for any processing activity. As described in section 3, your data is processed under either Contract (Article 6(1)(b)) or Legitimate Interests (Article 6(1)(f)). Because no consent has been collected, there is no consent for you to withdraw.
How to stop processing today
To stop processing that takes place under Contract, you can delete your account at any time — this will terminate the service and remove your personal data as described in section 7. To stop processing that takes place under Legitimate Interests (rate limiting), you can exercise your Right to Object under GDPR Article 21, described in section 13.
If consent-based processing is introduced in the future
Should we ever introduce a feature that requires consent — for example optional product communications or non-anonymous analytics — we will ask for your consent in a clear, granular and informed manner, and provide an equally simple mechanism to withdraw it at any time, without affecting your ability to use the rest of the service.

Do Not Track

"Do Not Track" (DNT) is a browser setting that allows you to express a preference not to be tracked across websites. Although DNT is not a legal requirement under GDPR and the W3C standard is no longer being actively maintained, we believe respecting this signal is a meaningful expression of user choice — so we honour it.

How we respect DNT
When your browser sends a "Do Not Track" header with the value "1", our application detects this signal at startup and does not load the analytics tracker at all. No analytics events are sent, no analytics scripts are downloaded, and no analytics-related network requests leave your browser.
How to enable Do Not Track
DNT can typically be enabled in your browser's privacy settings. In Firefox, this option is available under Settings → Privacy & Security → "Send websites a Do Not Track signal". Some browsers (notably Chrome and Safari) have removed the DNT control from their settings UI in recent versions; in that case you may need to use a privacy-focused browser or extension that sends the DNT header.
Even without DNT, you are protected
If your browser does not send a DNT signal, our analytics platform still operates in cookieless mode with full anonymisation — analytics data cannot be linked to you or your account regardless of your DNT setting. DNT support is an additional safeguard layered on top of the privacy-by-default architecture described in earlier sections.

Right to Data Portability

Under GDPR Article 20, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to transmit that data to another data controller without hindrance from us.

Scope of the right
Data portability applies only to personal data that you have provided directly to us, that is processed by automated means, and that is processed on the basis of Contract or Consent. As described in section 3, only your account information and the configuration data you submit when requesting a provisioning task fall within this scope. It does not apply to data processed under Legitimate Interests (such as IP-based rate-limiting metadata) or to anonymised analytics data.
What data we can export
Upon request, we will provide you with a copy of: (i) the email address associated with your account, and (ii) the history of provisioning tasks you have created, including task type, status, timestamps, and the configuration values you originally supplied. Sensitive credentials that have been anonymised after task completion are not recoverable and cannot be included.
Format
The exported data is provided as a JSON file by default, which is structured, widely supported, and directly parseable by other systems. If you require a different machine-readable format such as CSV or XML, please specify this in your request.
How to make a request
Send a written request to michal@quipu.software from the email address associated with your account. We will respond within one month, in line with the timing and identity verification process described in section 9.
Transmission to another controller
Where it is technically feasible, we can transmit your data directly to another controller you designate. Please include the name and technical contact of the receiving controller in your request. If direct transmission is not feasible, we will provide the export to you so that you can forward it yourself.

Right to Object

Under GDPR Article 21, you have the right to object — on grounds relating to your particular situation — to the processing of your personal data carried out under Legitimate Interests. Where you object, we must stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms.

Scope of the right
The Right to Object applies only to processing that takes place under the Legitimate Interests legal basis. As described in section 3, the only processing activity to which this applies is the use of your IP address for rate limiting. Processing carried out under Contract (your email address and provisioning data) is not subject to this right — you may instead stop such processing by deleting your account.
How to object
Send a written objection to michal@quipu.software, explaining the particular reasons related to your situation that lead you to object. We will consider each objection individually and respond within one month, in line with the timing and identity verification process described in section 9.
What happens after an objection
We will weigh your specific reasons against our legitimate interest in protecting the service from abuse. Because rate limiting processes IP addresses transiently (in memory, not persisted) and the privacy impact is minimal, we may in some cases conclude that our interest in service integrity overrides the objection. If we reach this conclusion we will explain our reasoning in writing, and you retain the right to lodge a complaint with the supervisory authority as described in section 16.
Direct marketing
Under GDPR Article 21(2), the right to object to direct marketing is absolute and requires no justification on your part. We currently do not carry out any direct marketing activities. If we were to introduce them in the future, we would do so on an opt-in basis and provide an immediate, no-questions-asked opt-out mechanism.

Right to Erasure & Historical Data

Under GDPR Article 17 (the "right to be forgotten"), you have the right to obtain erasure of your personal data without undue delay where the data is no longer necessary for the purposes for which it was collected, where you successfully object to processing, or where the data has otherwise been unlawfully processed.

Self-service deletion
You can delete your account at any time through the account management interface of our identity system. The deletion is immediate and does not require contacting us. Your email address is removed from our records the moment the deletion is confirmed.
Formal erasure request
If you encounter difficulty using the self-service option, or if you wish to request erasure of specific personal data without deleting your entire account, send a written request to michal@quipu.software from the email address associated with your account. We will respond within one month, following the timing and identity verification process described in section 9.
What is erased
Upon erasure, your email address and any direct identifiers linked to your account are removed from our active systems immediately. IP addresses are never persisted, so there is nothing to erase. Provisioning credentials and configuration data have already been anonymised at the end of each task as described in section 7, and therefore cannot be re-identified.
Provisioning task history
The metadata of your past provisioning tasks (task type, status, timestamps) is retained but the link between this metadata and your account is severed at the moment of erasure. Once severed, the records can no longer be attributed to any individual and cease to constitute personal data under GDPR Recital 26. This irreversible un-linking is, in practice, equivalent to deletion from a personal-data perspective.
Erasure and backups
Your data may continue to exist in our database backups for a maximum of 14 days after erasure, as described in section 7. Backups are never restored to bring deleted data back into the live system and are themselves overwritten on the same 14-day rolling cycle, after which all traces are gone.
Limitations
GDPR Article 17(3) recognises that erasure may be refused in limited circumstances — in particular, where retention is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims. We do not currently rely on any of these exceptions, but if we did refuse an erasure request on these grounds, we would explain our reasoning to you in writing and inform you of your right to lodge a complaint with the supervisory authority.

Anonymising Features

In line with the principle of "data protection by design and by default" set out in GDPR Article 25, anonymisation is built into our architecture rather than offered as a reactive option. The features below describe how we proactively reduce the amount of personal data we hold — often to the point where the data ceases to be personal data at all under GDPR Recital 26.

Automatic anonymisation of provisioning data
Once a provisioning task completes or fails, every piece of credential and configuration data you provided — SSH passwords, private keys, SSL material, administrator details, database credentials, and any other inputs — is overwritten in place with random values. This is automatic, irreversible, and requires no action on your part. After this process, no operator (including the data controller) can recover the original values from any source.
Cookieless and anonymised analytics by default
Our analytics platform is configured in cookieless mode with full anonymisation enabled at the source. Identifiers that would normally be collected — such as truncated IP addresses or visitor IDs — are stripped before any data is recorded. The result is aggregate usage data that cannot be correlated back to individual users.
Transient IP handling
IP addresses are processed exclusively in memory for the duration of a single request and are never written to persistent storage. Once the request completes, the IP value is discarded by the operating system along with the request context — leaving no record to anonymise later because no record was ever created.
Account-history unlinking on deletion
When you delete your account, the references between your identity and your historical provisioning task records are severed irreversibly. The historical records continue to exist for operational and statistical purposes, but they can no longer be attributed to you or to any other identified or identifiable person. This conversion of personal data into anonymous data is a form of erasure recognised by GDPR.

The most privacy-protective data is the data that does not exist. Where complete anonymisation is feasible without compromising the service, we apply it automatically rather than wait for users to request it. This approach reduces the scope of personal data we hold, limits our retention obligations, and minimises the impact of any future security incident.

Right to Lodge a Complaint

Under GDPR Article 77, you have the right to lodge a complaint with a data protection supervisory authority if you believe that our processing of your personal data infringes the GDPR. This right is in addition to — and does not affect — any other administrative or judicial remedy available to you.

Our supervisory authority

As we are established in Poland, our lead supervisory authority is the Polish Personal Data Protection Office (Urząd Ochrony Danych Osobowych — UODO). You can contact UODO at:

Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warsaw, Poland
Phone: +48 22 531 03 00
Email: kancelaria@uodo.gov.pl
Website: https://uodo.gov.pl/en/
Lodging a complaint elsewhere in the EU
Under GDPR Article 77(1), you may lodge your complaint with the supervisory authority of the EU Member State where you have your habitual residence, where you work, or where the alleged infringement took place. A list of all national data protection authorities in the EU is published by the European Data Protection Board at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Before lodging a complaint
We always welcome the opportunity to resolve any concern directly. If you have a question or are unhappy with how we have handled your personal data, please consider contacting us first at michal@quipu.software — but this is a suggestion, not a precondition. You can lodge a complaint with the supervisory authority at any time without contacting us first.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our processing practices, legal requirements, or operational changes. Any changes will be effective immediately upon posting to this page.

How we notify you
Material changes to this policy will be communicated to you by email to the address associated with your account. The date at the top of this page will always be updated to reflect the date of the most recent revision. You are responsible for reviewing this policy periodically; your continued use of the service following the publication of changes constitutes your acceptance of the updated policy.
What is considered a material change
Changes are considered material if they alter how we collect, use, retain, or protect your personal data; expand the categories of data we collect; introduce new recipients of personal data; affect your rights; or reduce your control over your data. Minor clarifications, corrections, or improvements to security practices are not typically considered material and will not trigger notification emails.
Your rights remain unchanged
No change to this policy will reduce the rights you have under GDPR. If a revised policy is less protective of your personal data, you have the right to object or withdraw your consent before the change takes effect. Significant reductions in your rights would be communicated with a notice period of at least 30 days.

Contact Us

If you have any questions about this Privacy Policy, our processing practices, or how we handle your personal data, we welcome you to get in touch. You can contact us using the details below.

Data Controller
Michał Wołodkiewicz Quipu
Email: michal@quipu.software
Types of requests we handle
The contact details above are for: privacy and data protection inquiries; requests to exercise your GDPR rights (access, portability, erasure, objection); concerns about our processing practices; and general feedback about how we handle your personal data.
To lodge a formal complaint
For formal complaints regarding our data processing practices, you have the right to lodge a complaint with the Polish Personal Data Protection Office (UODO) — please see section 16 for contact details and the right to lodge a complaint with other supervisory authorities.
Response time
We aim to respond to all privacy-related inquiries and formal GDPR rights requests within 7 business days. For formal rights requests, we are required by law to respond within one month, and may extend this period by up to two additional months for complex requests — if we do so, we will inform you of the extension and the reasons for it.