Privacy Policy

Last updated: February 2026

1. Introduction

ModelDock (“we”, “us”, “our”) operates ModelDock.run. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and a hashed version of your password. We never store passwords in plain text.

Project Data

When you create a project, we store your project configuration (repository URL, branch, dbt version, schedule). Warehouse credentials and GitHub tokens are encrypted with AES-256-GCM at rest and are only decrypted inside isolated containers at run time.

Usage Data

We collect anonymised usage analytics (page views, feature usage) via self-hosted Umami analytics. Umami is privacy-focused: it does not use cookies, does not track across websites, and does not collect personal information. All analytics data is stored on our own servers.

Run Artifacts

dbt run artifacts (manifest.json, run_results.json, compiled SQL, logs) are stored in our self-hosted S3-compatible object storage. These are only accessible to the project owner.

3. How We Use Your Information

We use your information to:

  • Provide and operate the Service (running your dbt projects on schedule)
  • Send transactional emails (email verification, run alerts, password resets)
  • Improve the Service based on anonymised usage patterns
  • Respond to support requests

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Data Security

We take security seriously:

  • Warehouse credentials are encrypted with AES-256-GCM at rest
  • GitHub OAuth tokens are encrypted with the same standard
  • Passwords are hashed with bcrypt (12 rounds)
  • All connections use HTTPS/TLS
  • Each dbt run executes in an isolated Docker container that is auto-removed after execution
  • Server access is restricted to SSH key authentication only

5. Third-Party Services

We use the following third-party services:

  • GitHub — OAuth for repository access (only when you choose to connect your account)
  • Resend — Transactional email delivery (verification emails, alerts)
  • Hetzner Cloud — Infrastructure hosting (EU/US datacenters, ISO 27001 certified)

We do not use Google Analytics, Facebook Pixel, or any other third-party tracking services.

6. Data Retention

We retain your account data for as long as your account is active. Run artifacts and logs are retained according to your plan limits. When you delete your account, all associated data (projects, credentials, runs, artifacts) is permanently deleted within 30 days.

7. Your Rights

You have the right to:

  • Access — Request a copy of the data we hold about you
  • Correction — Update or correct your account information
  • Deletion — Delete your account and all associated data
  • Export — Download your project configurations and run history

To exercise these rights, contact us at the email below.

8. Cookies

We use a single session cookie for authentication purposes. We do not use tracking cookies, advertising cookies, or third-party cookies. Our analytics solution (Umami) is cookie-free.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The latest version will always be available at this URL.

10. Contact

For questions about this Privacy Policy or your data, contact us at admin@modeldock.run.