Tensorify LogoTensorify
Tensorify LogoTensorify
Log inGet Started

Privacy Policy

ALPHAWOLF VENTURES, INC. PRIVACY POLICY

EFFECTIVE DATE: May 21, 2026

1. OVERVIEW & SCOPE

ALPHAWOLF VENTURES, INC. (“Company”, “Tensorify”, “we”, “us”, “our”) is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and share information when you use our services.

This policy applies to:

  • Our marketing website at tensorify.io
  • Our application at app.tensorify.io
  • The Tensorify CLI tool and self-hosted Runner
  • Managed cloud execution infrastructure
  • All associated APIs and services

By using any of our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. INFORMATION WE COLLECT

2.1 Account Data

When you register for an account, we collect information provided through our authentication provider (Clerk):

  • Email address
  • Full name
  • Profile photo (if provided)
  • Organization/Teamspace name

2.2 Workspace Metadata

As you use the Platform, we store your workspace data including:

  • Project and workflow names
  • Node configurations (visual graph JSON)
  • Plugin settings and connections
  • Deployment configurations

2.3 Execution Data (Managed Mode)

When you use Managed Cloud Execution, we process:

  • Webhook payloads (processed transiently, not persisted after execution)
  • Execution logs (timing, status, node outputs)
  • Error reports and stack traces

2.4 Execution Data (Self-Hosted Mode)

When you use a self-hosted Runner, we receive only:

  • Node execution status signals (started, completed, failed)
  • Node output snapshots (for the visual debugger and variable picker)
  • Run identifiers and timing metadata
  • Plugin execution errors

We do NOT receive your webhook payload body, environment variables, file system contents, or any data processed within your self-hosted infrastructure.

2.5 CLI Telemetry

The Tensorify CLI transmits limited telemetry data:

  • Runner heartbeat (alive/offline status)
  • CLI version information
  • Operating system type
  • Workflow execution counts (aggregate, no payload content)

CLI telemetry never includes your source code, webhook payload content, environment variables, or any business data.

2.6 Payment Data

Payment processing is handled entirely by Stripe, Inc. We do not store your credit card number, CVV, or full billing details. We retain only your subscription plan type, Stripe customer ID, and subscription status for account management.

2.7 Usage Analytics

We collect analytics data via PostHog including page views, feature usage patterns, and session recordings on our web application. This data helps us improve the product experience. You can opt out of analytics tracking at any time.

2.8 Technical Data

We automatically collect technical data including IP address, browser type and version, device type, operating system, referring URL, and access timestamps. This data is used for security, abuse prevention, and service optimization.

3. HOW WE USE YOUR INFORMATION

We use collected information for the following purposes:

  • Provide the Service: Process workflow executions, manage accounts, and deliver platform features
  • Transactional Communications: Send execution alerts, account notifications, security notices, and billing receipts
  • Product Improvement: Analyze aggregated usage patterns to improve platform reliability and features
  • Security & Abuse Prevention: Detect and prevent fraud, abuse, and unauthorized access
  • Customer Support: Respond to support requests and troubleshoot issues
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes

We do NOT sell your personal information. We do NOT use your data for advertising. We do NOT use your workflow data or execution content to train machine learning models.

4. SELF-HOSTED RUNNER DATA HANDLING

Tensorify is built with a “local-first” philosophy. When you use a self-hosted Runner, your data stays on your infrastructure.

What is NEVER sent to Tensorify:

  • Webhook request/response bodies
  • Environment variables or secrets
  • File system contents
  • Network traffic or internal API calls
  • Source code of custom plugins
  • Database contents or credentials

What IS sent to Tensorify:

  • Node execution status (started/completed/failed)
  • Node output snapshots (for the canvas variable picker and visual debugger)
  • Run identifiers and timing metadata
  • Error messages (for troubleshooting in the dashboard)
  • Runner heartbeat (online/offline status)

Output snapshots can be disabled per-workflow if you require fully air-gapped execution. Contact support for offline-only configuration guidance.

5. MANAGED CLOUD EXECUTION DATA HANDLING

When you opt into Managed Cloud Execution, webhook payloads are processed on Tensorify’s infrastructure.

5.1 Data in Transit.

All data transmitted between your systems and Tensorify infrastructure is encrypted using TLS 1.3.

5.2 Data at Rest.

Execution logs and workflow metadata stored on our servers are encrypted at rest using AES-256 encryption.

5.3 Payload Handling.

Raw webhook payloads are processed in memory during execution and are not persisted to disk after execution completes. Only execution metadata (timing, status, node outputs) is retained in logs.

5.4 No Model Training.

We never use your execution data, webhook payloads, or workflow configurations to train machine learning models or for any purpose other than providing and maintaining the Service.

5.5 Geographic Processing.

Managed execution is currently processed in United States data centers (US East, hosted on Railway). We will notify you in advance if processing locations change.

6. TEAM & ORGANIZATION DATA

6.1 Data Visibility.

All resources within a Teamspace (workflows, projects, execution history, API keys) are visible to all members of that Teamspace. Owners and Admins can view all team execution history and manage access.

6.2 Member Removal.

When a member is removed from a Teamspace, their access is revoked immediately. Data they contributed to the Teamspace remains with the Teamspace and is not deleted.

6.3 Isolation.

Data is strictly scoped to Teamspaces. There is no cross-Teamspace data sharing, visibility, or access. Each Teamspace operates as an independent data boundary.

7. THIRD-PARTY SERVICES & SUB-PROCESSORS

We use the following third-party services to provide, maintain, and improve the Service:

ServicePurposeLocation
ClerkAuthentication, session management, user profilesUnited States
StripePayment processing, subscription managementUnited States
PostHogProduct analytics, session replayUnited States
AhrefsWebsite traffic analyticsSingapore / EU
ResendTransactional email deliveryUnited States
RailwayInfrastructure hosting, managed executionUnited States
Redis (Upstash)Queue management, real-time messagingUnited States
CloudflareCDN, DDoS protection, DNSGlobal

We will notify you by email at least 30 days in advance before adding new sub-processors that handle personal data. Each third-party service is bound by data processing agreements that limit their use of your data to the purposes described above.

8. COOKIES & TRACKING

8.1 Essential Cookies.

Required for authentication, session management, and CSRF protection. These cannot be disabled without losing access to the Service.

8.2 Analytics Cookies.

PostHog analytics cookies help us understand usage patterns and improve the product. You can opt out of analytics tracking through the cookie consent banner or your browser settings.

8.3 Marketing Analytics.

Ahrefs web analytics is used on our marketing site only to understand traffic sources and page performance. It does not track individual users across sessions.

8.4 No Advertising Cookies.

We do not use advertising cookies, retargeting pixels, or any third-party advertising trackers. We do not participate in ad exchanges or programmatic advertising.

9. DATA RETENTION

We retain data only as long as necessary for the purposes described in this policy:

Data TypeRetention Period
Account dataActive account + 30 days after deletion request
Workspace metadata (workflows, projects)Active account + 30 days after deletion request
Execution logs (managed mode)30 days
Execution data (self-hosted mode)Not stored (transient only)
Raw webhook payloadsNot persisted beyond execution
Payment records7 years (legal requirement)
Analytics data (aggregated)24 months
Session recordings90 days
Backups7 days

10. YOUR RIGHTS (GDPR — EEA/UK USERS)

If you are located in the European Economic Area or United Kingdom, you have the following rights under the General Data Protection Regulation:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data (“right to be forgotten”).
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format. This includes workflow export functionality.
  • Right to Object: Object to processing of your personal data for specific purposes.
  • Right to Withdraw Consent: Withdraw previously given consent at any time.

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.

11. YOUR RIGHTS (CCPA/CPRA — CALIFORNIA USERS)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we collect about you.
  • Right to Delete: Request deletion of personal information we have collected.
  • Right to Opt-Out of Sale: We do NOT sell personal information. There is nothing to opt out of.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Authorized Agent: You may designate an authorized agent to submit requests on your behalf with proper verification.

To exercise your rights, contact us at [email protected]. We will verify your identity before processing requests.

12. INTERNATIONAL DATA TRANSFERS

Our services are primarily hosted and operated in the United States. If you are accessing our services from outside the United States, your data will be transferred to and processed in the United States.

For transfers of personal data from the EEA/UK to the United States, we rely on:

  • The EU-US Data Privacy Framework, where applicable
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all sub-processors

Enterprise customers requiring additional transfer safeguards should contact us at [email protected] to discuss specific requirements.

13. SECURITY MEASURES

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All communications use TLS 1.3
  • Encryption at Rest: Stored data is encrypted using AES-256
  • Access Controls: Role-based access following the principle of least privilege
  • Infrastructure Security: Hosted on Railway with managed security patches and isolation
  • Authentication: Secure session management via Clerk with support for multi-factor authentication
  • Regular Reviews: Periodic security assessments and dependency audits

Incident Response.

In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of confirming the breach, in compliance with GDPR Article 33. Notification will include the nature of the breach, data affected, measures taken, and recommended actions.

14. CHILDREN’S PRIVACY

The Service is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will delete it.

15. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. For material changes that affect how we handle your personal data, we will provide at least 30 days advance notice via email to the address associated with your account.

Non-material changes (clarifications, formatting) will be reflected by an updated effective date at the top of this page. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

16. CONTACT

If you have any questions about this Privacy Policy or wish to exercise your privacy rights:

ALPHAWOLF VENTURES, INC.

Data Protection Inquiries: [email protected]

General Legal: [email protected]

Website: https://tensorify.io

© 2026 ALPHAWOLF VENTURES, INC. All rights reserved.

Last updated: May 21, 2026