Privacy Policy
Last updated: March 2026
What we collect
We collect your email address and OAuth identity (GitHub or Google) when you sign up. We store the API credentials you connect, encrypted at rest. We log anonymous health check events to power collective incident detection — these contain no personally identifiable information.
How we use it
Your credentials are used solely to validate and inject them on your behalf. We do not sell, share, or use your data for advertising. Your email is used for account management and optional health alert notifications.
Storage & security
Credentials are encrypted in our database (Supabase). A local copy is also stored in your OS keychain via the MCP server. We use HMAC-signed requests between services and never log raw API keys.
Third parties
We use Clerk for authentication, Stripe for billing, and Supabase for storage. Each has their own privacy policy. We do not share your data beyond what is required to operate these services.
Deletion
You can delete your account and all associated data at any time from your account settings. Email hello@vallt.works if you need help.
Contact
Questions? Email hello@vallt.works.