▸ Privacy

Privacy Policy

Effective 2025-09-15 · last updated 2026-04-22 · GDPR-aligned

▸ The 30-second version

We collect what we need to run compute-edge for you (account, billing, usage, deployed code) and nothing else. We don't sell data. We don't use your code or data to train models. You can export everything, delete everything, and you can email our DPO directly.

This Privacy Policy describes how Compute-Edge OÜ (“Compute-Edge”, “we”) processes personal data in the course of operating the compute-edge platform. We are the controller for the data described in section 2 unless otherwise noted, and we operate from Tallinn, Estonia, under the General Data Protection Regulation (EU 2016/679) and the Estonian Personal Data Protection Act.

01 Who we are

Compute-Edge OÜ, registry code 16847291, Sõpruse pst 145, 13417 Tallinn, Estonia. Our Data Protection Officer is reachable at [email protected].

02 What we collect

Account data: the email address you sign up with, name (if you provide one), hashed password, organisation membership.
Billing data: billing email, address, VAT number where applicable, payment method tokens held by our payment processor (we do not store card numbers).
Usage data: requests, KV reads, Object egress per PoP per hour. Aggregated; not tied to end-users of your applications.
Operational logs: error logs from your deployed functions (retained 30 days), platform-level access logs (retained 14 days).
Code & data you upload: processed under your instructions; we are a processor for this category and use it only to operate the Service.

03 Why we collect it

To provide the Service you requested (legal basis: contract).
To bill you for usage above the free allowance (legal basis: contract).
To detect abuse and protect platform integrity (legal basis: legitimate interest).
To comply with tax, accounting, and other legal obligations (legal basis: legal obligation).

We do not sell personal data. We do not share it for behavioural advertising. We share data with a small list of subprocessors who help operate the Service:

Stripe Payments Europe Ltd — billing & payment processing (Ireland).
Hetzner Online GmbH — control-plane hosting (Finland data centre).
Postmark (ActiveCampaign LLC) — transactional email (US, SCCs in place).
Plausible Insights OÜ — cookie-free privacy analytics for compute-edge.net itself (Estonia).

The current list is maintained at /subprocessors. We notify Org-plan customers at least 30 days before adding a new subprocessor.

05 Where it is stored

The control plane (account, billing, configuration) is stored in Helsinki, Finland (EU). Code, KV, and Objects deployed to the runtime are replicated to the PoPs you have configured — this may include PoPs outside the EU (e.g. nrt-02, iad-01). Transfers outside the EEA rely on Standard Contractual Clauses where applicable.

06 Retention

Account & billing data: for the life of your account and 7 years after closure (Estonian accounting law).
Usage data: 18 months in detailed form, indefinitely as monthly aggregates.
Function error logs: 30 days.
Platform access logs: 14 days.
Deployed code & KV / Object data: until you delete it or 30 days after account closure (whichever is earlier).

07 Your rights

Under GDPR you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data. You can exercise most of these from your dashboard. To exercise any of them by other means, email [email protected] — we respond within 30 days and at no charge for the first request in any 12-month period.

You can also lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at aki.ee.

08 Security

All data is encrypted in transit (TLS 1.3, modern cipher suites only) and at rest (AES-256-GCM). Production access is restricted to the two of us, gated by hardware tokens, and logged. We don't operate a paid bug bounty programme, but security disclosures are welcomed at [email protected] and our PGP key is at /.well-known/security.txt.

09 Cookies

compute-edge.net uses a single first-party session cookie for authenticated sessions. We do not set advertising or third-party tracking cookies. Plausible Analytics is configured for cookie-less measurement.

10 DPO contact

Maarja Tamm acts as our Data Protection Officer. Reach her at [email protected] or by post at the address in section 1.

We will post material changes to this Policy at least 30 days before they take effect, and email account holders. The current version is always at this URL.