OpZeroAI Deploy Engine

Privacy Policy

Last Updated: February 8, 2026

1. Introduction

Opzero.sh ("we", "our", or "us") provides an MCP (Model Context Protocol) server that enables AI agents to deploy web applications to hosting providers. This privacy policy explains how we collect, use, and protect your information when you use our service.

2. Information We Collect

2.1 Account Information

When you create an account through WorkOS AuthKit, we collect:

  • Email address
  • Name (if provided)
  • Authentication credentials (managed by WorkOS)

2.2 Usage Data

When you use our MCP server, we collect:

  • Deployment metadata (project names, deployment targets, timestamps)
  • API usage statistics (tool calls, rate limits, errors)
  • OAuth tokens and API keys (encrypted)
  • IP addresses and request logs for security purposes

2.3 Deployment Content

Code, files, and content you deploy through our service are temporarily stored for processing and then forwarded to your chosen hosting provider (Cloudflare, Netlify, or Vercel). We do not retain deployed content after successful deployment.

3. How We Use Your Information

We use your information to:

  • Provide and maintain the MCP server service
  • Process deployments to hosting providers
  • Authenticate API requests and manage OAuth sessions
  • Monitor usage for billing and rate limiting
  • Prevent abuse and ensure service security
  • Send service notifications and updates
  • Improve our service and develop new features

4. Data Sharing and Third Parties

4.1 Hosting Providers

When you deploy to Cloudflare, Netlify, or Vercel, your deployment content and metadata are shared with these providers according to their respective privacy policies.

4.2 Authentication Provider

We use WorkOS AuthKit for authentication. Your authentication data is processed according to WorkOS's privacy policy.

4.3 Database Provider

We use Neon PostgreSQL for data storage. Your data is encrypted at rest and in transit.

4.4 Payment Processing

Payment information is processed by Stripe. We do not store credit card details on our servers.

5. Data Security

We implement security measures including:

  • Encrypted connections (TLS/SSL)
  • Encrypted storage of sensitive data
  • OAuth 2.1 with PKCE for authentication
  • Rate limiting and abuse prevention
  • Regular security audits

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data as follows:

  • Account data: Retained while your account is active
  • Deployment metadata: Retained for 90 days
  • Usage logs: Retained for 30 days
  • Deployment content: Not retained after deployment

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data
  • Opt out of marketing communications
  • Withdraw consent for data processing

To exercise these rights, contact us at privacy@opzero.sh

8. Cookies and Tracking

We use cookies for:

  • Session management and authentication
  • Security and fraud prevention
  • Analytics to improve our service

You can control cookies through your browser settings.

9. Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or through our service. Your continued use of the service constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this privacy policy, contact us at:

GDPR Compliance

For users in the European Economic Area (EEA), we comply with GDPR requirements. You have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority.

CCPA Compliance

For California residents, we comply with the California Consumer Privacy Act (CCPA). You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.