Legal
Privacy Policy
Effective July 6, 2026 · Firedrill Software · runfiredrill.com
1The short version
We collect the minimum needed to run a backup-verification service: your account email, billing details (held by Stripe), encrypted connection strings, encrypted backups of databases you connect, and operational records (backup and drill results). We don't sell data, we don't run ad trackers, and your database contents are encrypted before they reach storage.
2What we collect and why
- Account data — email address and name (from magic-link sign-in or GitHub OAuth), organization name, plan. Used for authentication, alerts, and billing.
- Database connection strings — encrypted with a per-project key on arrival; stored only as ciphertext; never displayed again or logged. Used solely to take backups with the read-only role you provide.
- Backup contents — whatever your database contains, encrypted with AES-256-GCM before storage. We process it to take backups and run drills; drill copies are destroyed after each drill. We do not read, mine, or analyze your database contents beyond the recorded integrity checks (schema hash, row counts, index validity, sample-query success).
- Operational records — backup and drill metadata (timestamps, sizes, check results, errors). Retained as your audit trail, including after backups are pruned.
- Free drill submissions — the URL you provide is used once to fetch the file, the restored copy is destroyed after the checks, and we keep the check results and your email (rate-limited to one drill per email per month).
- Payment data — handled by Stripe. We store your Stripe customer ID and subscription status, never card numbers.
3What we don't do
- No sale or rental of personal data, ever.
- No third-party advertising trackers on the site.
- No use of your database contents for anything but backups and drills.
- No plaintext storage of connection strings or backup data.
4Subprocessors
These providers process data on our behalf:
| Provider | Purpose | Region |
|---|---|---|
| Google Cloud | Backup storage (encrypted) and drill infrastructure | US |
| Netlify | Web application hosting | US |
| Neon | Control-plane database (account, project, and audit records) | US |
| Stripe | Payment processing and billing | US |
| Resend | Transactional email delivery | US |
| ImprovMX | Inbound email forwarding | EU |
| Sentry | Error monitoring (no customer database contents) | US |
| Healthchecks.io | Pipeline heartbeat monitoring (no customer data) | EU |
We'll update this list before adding subprocessors that touch customer data.
5Retention and deletion
Backups follow your plan's retention policy and are pruned automatically. When you delete a project, its backups are deleted. When you cancel, remaining backup objects are deleted 30 days after subscription end. Audit records (metadata, drill results) may be retained longer as business records. To delete your account and associated personal data entirely, email us — we complete deletion within 30 days, minus what we must keep for legal/accounting purposes.
6Cookies
We use strictly necessary cookies only: your sign-in session. No analytics or advertising cookies — which is why there's no cookie banner.
7Your rights
Depending on your jurisdiction (GDPR, CCPA, and similar), you may have rights to access, correct, export, or delete your personal data, and to object to processing. Email info@runfiredrill.com and we'll honor them. You can export your operational records any time via the dashboard or API.
8Changes and contact
Material changes to this policy will be announced by email with at least 14 days' notice. Questions about privacy or security practices: info@runfiredrill.com — see also our security page.