cerver

Privacy

This page explains what data cerver.ai collects, how we use it, who we share it with, and what control you have over it. Plain language. If anything's unclear, email [email protected].

What we collect

• Account info. Your email when you sign up. We use it to send sign-in links and product updates you can opt out of.
• Sessions. When you create a session, we store the transcript (your messages and the agent's responses), any metadata you attach, and usage events (tokens used, model name, estimated cost). This is the core of the product — sessions are durable.
• API keys. The keys you (or the installer) create live in our database so we can compare incoming Authorization headers. We do not hash them; we need the original value at lookup time.
• Infisical connection credentials. The Universal Auth client_id and client_secret for your vault. The client_secret is encrypted at rest with AES-GCM, with the encryption key stored as a Cloudflare Worker secret only readable in-process.
• IP addresses. For the /try trial flow (one trial per IP per 24h) and for rate limiting. Not retained for any other purpose.
• Analytics. We use PostHog and Umami to count visits and see which pages engage. No personally identifying info beyond what you give us in your account.

What we don't collect

• Your provider API key values. They live in your Infisical vault. We have the credentials to read them at runtime; we don't store the values ourselves.
• Transcript content for training, mining, or any cross-account analysis. The insights feature runs only on your account's transcripts and only when you ask.
• Payment info — we don't charge yet.
• Cross-site tracking.

Who we share data with

• Cloudflare — our gateway runs as a Worker. Your requests transit Cloudflare.
• Neon — our Postgres database. Durable data lives here.
• Infisical — your provider secrets live in their service. We access them through the machine identity you gave us.
• LLM providers (Anthropic, OpenAI, xAI, Google) — when you run an LLM call, your prompt and selected model go to the provider you chose. Their privacy policies apply once data is with them.
• Sandbox providers (Vercel, E2B, Modal, Daytona, Cloudflare Workers) — when a session creates a sandbox, the code that runs goes to that provider.
• Resend — sends our sign-in emails.
• PostHog, Umami — anonymized analytics.

We don't sell your data. Ever.

Data retention

• Sessions: kept indefinitely for active accounts. Sessions with no activity for 14+ days are marked ended at the API but the records remain.
• Trial accounts: anonymous, retained as long as the per-IP cap needs the IP record (~24h).
• Deleted accounts: we wipe sessions, keys, and vault connections within 30 days of your request.

Your rights

• Access — your dashboard shows everything we know about you.
• Export — sessions are available as JSON via GET /v2/sessions/:id?full=1.
• Delete — email [email protected]. We respond within 30 days.
• Object to processing — stop using cerver. Nothing happens without your input.

Security

• Provider vault credentials are AES-GCM encrypted at rest. Encryption key is a Cloudflare Worker secret.
• TLS in transit, everywhere.
• API keys are bearer tokens — treat them like passwords. Rotate via the dashboard if leaked.

Children

Cerver isn't directed at people under 13. Don't use it if you are under 13.

Changes

We'll update this page when our practices change. Continued use after an update means you accept the new version. Material changes get an email.

Contact

Eyal Goren · [email protected]