Skip to content
New: see your fit and get a tailored quote in minutes.Try the estimator
Menu
Request a demo Sign in

Legal

Privacy notice

Last updated: 17 June 2026

Who we are

IntegraCI is an Internal Developer Platform offered both as a managed cloud service and as self-hosted software. This notice covers the managed service operated by IntegraCI ("we", "us"), based in Wellington, New Zealand. For self-hosted deployments, you are the data controller and this notice is provided as guidance only.

What we collect

  • Account data: name, work email, and the credentials you set at signup. Passwords are hashed with bcrypt; we never store or see the plaintext.
  • Tenant configuration: organisation name, tenant slug, plan, connector configuration (non-secret), and the resources you create on the platform.
  • Operational telemetry: pipeline runs, deploy events, audit-log entries, and aggregate usage metrics used for billing, quotas, and reliability.
  • Support communications: anything you send us by email or through support channels.

How secrets are handled

Connector secrets (tokens, keys, certificates) are routed straight into OpenBao under your tenant-scoped path at install time. Only an opaque reference is persisted in Postgres. The secret value itself never lands in our application database, logs, or backups in plaintext.

How we use your data

  • To provision and operate your tenant (Keycloak realm, Kubernetes namespace, OpenBao path).
  • To meter usage and bill the plan you selected.
  • To secure the platform: abuse detection, audit logging, and incident response.
  • To communicate service, security, and account notices.

Tenant isolation

Every tenant is isolated by construction: Postgres Row-Level Security (with FORCE) on every table, a Keycloak realm per tenant, an OpenBao path per tenant, and a NATS subject hierarchy that prevents cross-tenant subscription at the broker level.

Your rights

Subject to applicable law (including GDPR, CCPA, PIPEDA, and LGPD), you may access, export, correct, or delete your data. The platform exposes self-service endpoints for this:

  • Data export: request a machine-readable copy of your tenant data.
  • Deletion: a tenant owner can trigger right-to-be-forgotten processing, which runs an auditable deletion saga and produces a deletion certificate.

To exercise a right that is not self-service, email [email protected].

Retention

We retain account and tenant data for as long as your tenant is active. Audit logs are append-only and archived to object storage on a schedule. On verified deletion, data is removed per the GDPR runbook, except where retention is legally required.

Sub-processors & transfers

We use a limited set of infrastructure and payment sub-processors (for example, cloud hosting and Stripe for billing). A current list is available on request. Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses.

Contact

Questions about this notice or your data? Email [email protected]. For security disclosures, use [email protected].

This notice describes the IntegraCI managed service, operated by IntegraCI (registered in New Zealand), during public beta and may change as the product evolves. Enterprise customers: a Data Processing Agreement is available. Contact [email protected].