Privacy Policy

Overview

Algora Launch helps users configure third-party developer services such as GitHub, Supabase, Railway, Cloudflare, and Stripe. This policy explains the product data the MVP expects to handle while providing that workflow.

Information we process

We may process account details, project names, selected domains, provider connection metadata, OAuth tokens, API tokens, generated repository names, deployment identifiers, and setup status. Some provider credentials and application secrets are sensitive and are stored encrypted when the product needs to reuse them for later setup steps.

How we use information

We use this information to authenticate users, create and configure provider resources, show setup progress, retry or resume partial setup steps, configure DNS records, and help diagnose failed provisioning attempts.

Third-party providers

When you connect a provider, Algora Launch sends the minimum information needed to that provider to perform the requested action, such as creating a repository, creating a Supabase project, configuring Railway service variables, or updating Cloudflare DNS. Those providers process information under their own policies.

Secret handling

Secrets such as Supabase service keys are not exposed to the browser for normal setup flows. The backend decrypts sensitive values only when needed for a provider action, such as injecting variables into Railway, then discards the in-request values.

Your choices

You can disconnect provider accounts, revoke provider app access, or delete resources directly in the connected provider. Some provider-side changes may require reconnecting the account before Algora Launch can continue a setup workflow.

Changes

We may update this policy as the MVP evolves. If the changes are material, the updated version will be posted here with a new date.