Privacy, in plain English.
Last updated April 26, 2026.
What we collect
- —Account data: name, email, hashed password.
- —Workflow data: the workflows you create, their steps, params, and run results.
- —API credentials: encrypted at rest with AES-256-GCM. We never see plaintext keys after you submit them.
- —Usage telemetry: route hits, run counts, error rates. Aggregated, never tied to user identity.
What we never collect
- —The contents of your prompts to your connected LLMs. They go directly to your provider.
- —The contents of your emails, files, or messages. Workflow steps fetch them at run time and discard.
- —Payment card details. Stripe handles billing — we never touch a card number.
How long we keep things
- —Account data: until you delete your account.
- —Run history: 90 days on Free/Pro. Unlimited on Team.
- —Encrypted credentials: until you remove them in Settings.
- —Audit log: 500 most recent events per user.
What we don't do
- —Sell your data. To anyone.
- —Train models on your prompts or workflow contents.
- —Share data with advertisers.
Your rights
- —Export everything: GET /api/audit + GET /api/workflows + GET /api/history.
- —Delete: hit Delete account in Settings, or email privacy@dispatch.dev.
- —GDPR/CCPA requests: handled within 30 days. Email privacy@dispatch.dev.
Subprocessors
- —Vercel — hosting and edge compute.
- —Upstash — Redis storage for workflow + run data.
- —NVIDIA NIM — Qwen 480B for the planner. Prompts to Qwen contain only the workflow description, never your data.
- —Stripe — billing.
- —Your connected LLM provider (OpenAI / Anthropic / Google) for AI step execution. Their privacy policies govern that traffic.
Questions or requests: privacy@dispatch.dev.