EnvHavenEnvHaven
Home

Privacy Policy

Last updated: February 3, 2026

We take the privacy of your data seriously. This policy explains what we collect, why, and how we handle it.

What we collect and why

Identity and access

When you sign up for EnvHaven, you can authenticate via GitHub OAuth or email magic link. If you use GitHub, we receive your GitHub username, email, and profile information. If you use email magic link, we receive only your email address. We use this to identify you, personalize your experience, and enable workspace access.

Your EnvHaven account does not have a password—authentication is handled through GitHub OAuth or email magic links via a third-party authentication provider. When you create a workspace, you set a workspace password for accessing the development environment; we store only a cryptographic hash of this password, never the password itself.

Billing information

If you subscribe to EnvHaven's paid plan, you provide payment information to Polar. We do not store your credit card numbers. We only receive and store:

  • A reference to your Polar customer ID
  • Subscription status and plan type
  • Seat count and billing period dates

Workspace data

When you create a workspace, we store the configuration and metadata needed to provision and manage it:

  • Workspace subdomain and settings
  • Provisioning status and job logs
  • Infrastructure identifiers (server and tunnel IDs)

The files and code you create inside your workspace are stored on the infrastructure running your workspace. For managed workspaces, this data resides on cloud VPS instances in your selected region. For self-hosted deployments, you control where this data lives.

Website analytics

We collect pseudonymized usage data to understand how people use the EnvHaven platform (this website and managed service). This includes page views, feature usage, performance metrics, and CLI download counts from our website. Visitor identifiers rotate daily and cannot be linked across days.

Important: EnvHaven's open source software—the CLI, Docker image, and everything in github.com/envhaven/envhaven—contains zero telemetry. The software you run does not send usage data, analytics, or any other information back to EnvHaven. Only this website tracks usage; the code running in your workspace or on your machine does not.

We do not sell your data to third parties. We do not use third-party advertising trackers.

When we access your data

We may access your account data to:

  • Respond to support requests you initiate
  • Investigate potential abuse or violations of our Acceptable Use Policy
  • Maintain and improve our systems

We do not access the contents of your workspaces unless required for the above purposes or required by law.

When we share your data

We share data with third parties only when necessary to provide the service:

  • Payment processor — Billing and subscription management
  • Authentication provider — Account login and session management
  • Cloud infrastructure provider — VPS hosting for managed workspaces
  • CDN and DNS provider — Tunnels and routing for workspace URLs
  • Analytics provider — Website analytics and operational logging

For specific vendor details, contact [email protected].

We may also disclose your information if required by law, such as to comply with a subpoena or legal process.

Your rights

You have the right to:

  • Access — Request a copy of the data we hold about you
  • Correction — Update or correct your information
  • Deletion — Delete your account and associated data
  • Export — Export your workspace data at any time via SSH/SCP

To exercise these rights, contact us at [email protected].

Data retention

We retain your data for as long as your account is active. When you delete your account:

  • Account data is deleted within 30 days
  • Workspace data is deleted immediately upon workspace deletion (VPS destroyed, DNS records removed)
  • Database backups are purged within 90 days

Some information may be retained longer if required for legal or compliance purposes.

Security

We take security seriously. Our measures include:

  • Encryption in transit (TLS) for all connections
  • Isolated workspace environments (one VPS per workspace)
  • Secure tunnels with no open inbound ports on workspaces
  • Access controls and audit logging

For security concerns, contact [email protected].

Changes to this policy

We may update this policy from time to time. Significant changes will be communicated via email or a notice on our website. Continued use of EnvHaven after changes constitutes acceptance of the updated policy.

Questions

If you have questions about this privacy policy or your data, contact us at [email protected].

Adapted from the Basecamp open-source policies / CC BY 4.0.