
Privacy Policy

Last updated: April 2026

1. Overview

devkitvault operates recall and is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding your personal information.

2. Data we collect

We collect the information you provide when registering: username, email address, and hashed password. We also store the data you save to your vault — commands, templates, snippets, environment variable sets, aliases, and groups. We collect basic usage logs (request timestamps, response codes) for monitoring and debugging.

3. Data we do not collect

We do not collect the content of commands you execute locally. We do not track your browsing behavior outside of recall. We do not sell, rent, or share your personal data with advertisers or third parties.

4. How we use your data

Your data is used solely to provide the recall service — syncing your vault across devices, authenticating your account, and delivering features based on your plan. We may use your email to send transactional messages such as OTP verification, password reset, and billing receipts.

5. Authentication and OAuth

If you sign in with GitHub or Google, we receive your email address and public profile information from those providers. We do not store OAuth tokens beyond the session. We use JWT tokens to authenticate CLI and dashboard sessions, which expire after 7 days.

6. Payments

Payments are processed by Lemon Squeezy. We do not store credit card numbers or payment details. We receive webhook events from Lemon Squeezy to update your plan status. Your billing information is subject to Lemon Squeezy's privacy policy.

7. Data storage and security

Your data is stored on a private PostgreSQL database on a Hostinger VPS server. Passwords are hashed using bcrypt and never stored in plain text. API communication is encrypted via HTTPS/TLS. We follow security best practices and regularly review our infrastructure.

8. Data retention

Your data is retained as long as your account is active. If you delete your account, your data is permanently deleted within 30 days. Backup copies may persist for up to 7 additional days before being purged.

9. Your rights

You have the right to access, export, or delete your data at any time. You can export your vault from the dashboard settings. To request account deletion or a data export, email support@devkitvault.com and we will process your request within 7 days.

10. Cookies

recall does not use tracking cookies. We use localStorage to persist your authentication token in the browser. No third-party analytics cookies are used on recall.devkitvault.com.

11. Third-party services

We use the following third-party services: Hostinger (VPS hosting), Lemon Squeezy (payments), Hostinger SMTP (transactional email), GitHub and Google (OAuth providers). Each of these services has its own privacy policy.

12. Changes to this policy

We may update this privacy policy from time to time. We will notify you of significant changes via email. Continued use of recall after changes constitutes acceptance of the updated policy.

13. Contact

For privacy-related questions or requests, email us at support@devkitvault.com. We aim to respond within 48 hours.
