Privacy Policy

Privacy Policy

Last updated: April 30, 2026

1. Who we are

Cachely is a CMS asset and API proxy service. This Privacy Policy describes the personal data we process when you sign up, configure projects, or use the platform, and the choices you have over that data.

2. Data we process

We process the categories of data listed below. We try to keep the surface as small as possible and only collect what we need to operate the service.

  • Account data: name, email address, organization details you provide during sign-up, and team membership records.
  • Authentication data: sign-in metadata (timestamps, IP, device hints) handled by our authentication provider so we can secure your account.
  • Billing and subscription data: plan, subscription status, payment method tokens, invoices, and tax-related identifiers handled by our payment processor. We do not see or store your card number directly.
  • Usage and log data: per-tenant request counts, bandwidth, cache statistics, sampled request logs (URL, status, timestamp), and threshold notifications. We use this for billing, abuse prevention, and operational diagnostics.
  • Proxy and domain configuration data: CMS provider identifiers, origin URLs, custom hostnames, encrypted API tokens, and tenant settings that you configure.
  • Support communications: messages you send us, including any screenshots or logs you attach.

3. How we use your data

We use the data above to:

  • provide, secure, and improve the service,
  • process payments, calculate usage, and apply plan limits,
  • send transactional notifications such as usage alerts, invoices, and team invites,
  • respond to support requests, and
  • comply with legal obligations.

We do not sell personal data and we do not use your usage logs for advertising.

4. Service providers

Cachely is built on a small number of trusted infrastructure providers. They process data only on our behalf and under contract.

  • Clerk — authentication, session management, and user directory.
  • Stripe — billing, subscriptions, and payment processing.
  • Cloudflare — edge proxy execution, KV configuration, D1 database, and custom hostname infrastructure.
  • Vercel — marketing site and dashboard hosting.
  • Resend — transactional email delivery (usage alerts, invites, billing-related messages).

5. International transfers and storage

Data is processed and stored across the regions our infrastructure providers operate in, which may include the European Union, the United Kingdom, and the United States. Our providers offer appropriate safeguards for international transfers (e.g. Standard Contractual Clauses).

6. Retention

We retain account, configuration, and billing data for the lifetime of your account plus the period required for legal and accounting obligations. Sampled request logs are retained on a rolling window (typically 30 days). When you delete your account, we remove or anonymize personal data in our active systems on a reasonable schedule.

7. Your rights

Depending on where you live, you may have the right to:

  • access the personal data we hold about you,
  • request that we correct or update inaccurate data,
  • request that we delete your data, subject to limited exceptions,
  • export a copy of your data,
  • object to or restrict certain processing, and
  • withdraw consent where processing is based on consent.

You can exercise most of these rights directly from your account settings, or by contacting us at the address below. If you are in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local data protection authority.

8. Security

We protect your data with industry-standard controls: TLS in transit, encryption at rest for sensitive credentials (such as your CMS API tokens), least-privilege access to our data stores, and audit trails for administrative actions.

9. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will be posted on this page with an updated effective date. Material changes will be communicated by email or in-product notice where appropriate.

10. Contact

For privacy questions or to exercise your rights, contact us at hello@cmsassets.dev .