Casc8Casc8
Terms of ServiceSign in
Legal

Privacy Policy

Last updated: April 17, 2026

1. Information We Collect

Account information: Name, email address, and hashed password when you register.

Usage data: Workflow execution logs, trigger events, and performance metrics required to operate the service.

API keys: Third-party API credentials you add are encrypted at rest and never transmitted to us in plain text.

Payment information: Billing is handled by Stripe. We do not store credit card numbers.

2. How We Use Your Information

  • To authenticate you and maintain your session
  • To execute your workflows and deliver results
  • To send transactional emails (password resets, email verification, execution failure alerts)
  • To process payments and manage subscriptions
  • To monitor service health and prevent abuse

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Data Retention

We retain your data for as long as your account is active. Execution logs are retained for 90 days. When you delete your account, all personal data is permanently removed within 30 days.

4. Third-Party Services

Casc8 integrates with third-party AI providers (OpenAI, Anthropic, Groq) and services you connect. Data sent to these providers via your workflow nodes is governed by their respective privacy policies. We pass data to these services only at your explicit instruction via workflow execution.

5. Security

We use industry-standard security practices including:

  • Passwords hashed with bcrypt (cost factor 12)
  • Session tokens signed with JOSE encryption
  • API keys encrypted at rest
  • HTTPS enforced for all communications
  • Rate limiting on authentication endpoints

Despite these measures, no system is 100% secure. We encourage you to use strong, unique passwords and enable two-factor authentication when available.

6. Self-Hosted Instances

If you deploy Casc8 on your own infrastructure using our Docker image, all data remains entirely within your environment. We have no access to data stored on self-hosted instances.

7. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. You can export your workflow data from the dashboard at any time. To exercise any other data rights, contact us at privacy@casc8.app.

8. Cookies

We use a single session cookie (casc8_session) for authentication. We do not use tracking cookies or third-party analytics cookies.

9. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.

10. Contact

Privacy questions or requests: privacy@casc8.app