Privacy and data portability

You own your data. Any Cloud customer can export or delete their account at any time. This page documents the exact mechanics so you can audit what we do.

Export

Open Dashboard → Settings → Privacy → Export my data. We generate a tarball containing:

A pg_dump of your entire Postgres database in both custom (binary) and plain SQL format
Your MinIO bucket contents, preserving object metadata
Your nself config files: .env, docker-compose.yml, nginx sites, plugin manifests
The last 7 days of logs from every service
Your Stripe invoice history as JSON

The tarball is staged to object storage and you receive a signed download link by email. Links expire 7 days after generation and the staged tarball is deleted after 14 days.

Delete

Open Dashboard → Settings → Privacy → Delete my account. You must confirm by re-entering your email. After confirmation:

Your subscription is cancelled immediately. No further charges will be made.
A 7-day grace period starts. During the grace period you can cancel the deletion with one click.
After 7 days, your VPS is destroyed. The Hetzner server, its snapshots, and off-site backups are deleted.
Your account record is anonymized, email, name, billing address, and API keys are scrubbed. We keep a hashed identifier for tax compliance.
All telemetry data attributable to your account is deleted from our analytics warehouse within 30 days.

After completion, we email you a signed receipt of deletion. This is the documented proof you can use to satisfy downstream compliance requests.

GDPR and CCPA

Export and deletion are the two rights that satisfy GDPR Article 20 (data portability) and Article 17 (right to erasure), as well as CCPA §1798.105. For any other rights-related request (rectification, access log, restriction of processing), email privacy@nself.org. We reply within 5 business days and fulfill within 30.

Data location

We host in Hetzner Falkenstein (DE), Ashburn (US), Helsinki (FI), or Singapore (SG) : you choose at provisioning time. Off-site backups go to a second Hetzner region in the same jurisdiction. Telemetry is processed in our Falkenstein control plane.

Subprocessors

Hetzner Online GmbH (VPS hosting, backups)
Cloudflare Inc. (DNS, TLS, edge)
Stripe Inc. (payments)
ElasticEmail (transactional email)

We do not share customer data with advertisers, analytics vendors, or AI training providers. Never.

Export

Open Dashboard → Settings → Privacy → Export my data. We generate a tarball containing:

A pg_dump of your entire Postgres database in both custom (binary) and plain SQL format

Your MinIO bucket contents, preserving object metadata

Your nself config files: .env, docker-compose.yml, nginx sites, plugin manifests

The last 7 days of logs from every service

Your Stripe invoice history as JSON

The tarball is staged to object storage and you receive a signed download link by email. Links expire 7 days after generation and the staged tarball is deleted after 14 days.

Delete

Open Dashboard → Settings → Privacy → Delete my account. You must confirm by re-entering your email. After confirmation:

Your subscription is cancelled immediately. No further charges will be made.

A 7-day grace period starts. During the grace period you can cancel the deletion with one click.

After 7 days, your VPS is destroyed. The Hetzner server, its snapshots, and off-site backups are deleted.

Your account record is anonymized, email, name, billing address, and API keys are scrubbed. We keep a hashed identifier for tax compliance.

All telemetry data attributable to your account is deleted from our analytics warehouse within 30 days.

After completion, we email you a signed receipt of deletion. This is the documented proof you can use to satisfy downstream compliance requests.

GDPR and CCPA