Privacy Policy

This Privacy Policy describes how Wokku ("we", "us", "our") collects, uses, and protects your information when you use our services at wokku.cloud, our API, CLI, mobile app, and the Wokku Claude Code plugin.

1. Information We Collect

Account Information

• Email address and name (required for account creation)
• Password (hashed, never stored in plaintext)
• GitHub or Google profile data (if you sign in via OAuth)
• Two-factor authentication secrets (encrypted at rest)

Application Data

• Application metadata (name, environment variables, domains, deployment configuration)
• SSH public keys you provide for git push deployments
• SSH private keys for connected Dokku servers (encrypted at rest)
• Application logs (retained for up to 30 days)
• Deploy history and release information
• Usage metrics (CPU, memory, bandwidth)

Billing Information

• Payment method details are processed by our payment provider (iPaymu) and are not stored on our servers
• Invoice history, subscription status, and billing addresses

Technical Data

• IP addresses, user agent, and request logs (retained for 30 days)
• Error reports via Sentry (no personally identifiable information)

2. Claude Code Plugin Data Handling

The Wokku Claude Code plugin runs locally on your machine and connects directly to the Wokku API using an API token you provide. We want to be explicit about how data flows:

• Local execution: The plugin is a Ruby script that runs on your local machine. It does not run on our servers.
• API token storage: Your Wokku API token is stored locally by Claude Code in your plugin configuration. We never receive a copy of this configuration.
• Data transmitted: When you invoke a plugin tool (e.g., "list my apps"), the plugin sends an HTTPS request to wokku.cloud/api/v1 using your API token. We only receive the data necessary to fulfill that request.
• What we log: Standard API request logs (endpoint, timestamp, response status). Request bodies are not logged.
• Anthropic's role: Claude (the AI) interprets your prompts and decides which tools to call. The prompts you send to Claude are governed by Anthropic's privacy policy, not ours. We do not receive your prompt text — only the tool arguments Claude constructs.
• Self-hosted instances: If you configure the plugin to use a self-hosted Wokku instance, no data is sent to wokku.cloud.

3. How We Use Your Information

• Provide, maintain, and improve the Wokku service
• Deploy and manage your applications on connected servers
• Process payments and send billing notifications
• Send transactional emails (deploy notifications, security alerts, account updates)
• Detect and prevent abuse, fraud, and security incidents
• Comply with legal obligations

We do not sell your data, use it for advertising, or share it with third parties for marketing purposes.

4. Third-Party Services

We use the following third-party services to operate Wokku:

• iPaymu — Payment processing (Indonesia). Privacy policy
• Stripe — International payment processing. Privacy policy
• Resend — Transactional email delivery. Privacy policy
• Sentry — Error tracking (no PII sent). Privacy policy
• GitHub — OAuth sign-in and repository access. Privacy policy
• Google — OAuth sign-in. Privacy policy
• Cloudflare R2 / AWS S3 — Database backup storage (only if you enable backups)

5. Data Retention

• Account data: Retained while your account is active
• Application logs: 30 days
• Database backups: Per your configured retention policy (1-30 days)
• Invoice records: 7 years (for tax and legal compliance)
• Deleted accounts: Data permanently removed within 30 days of deletion request, except where retention is legally required

6. Data Security

• All data transmitted to and from Wokku is encrypted in transit using TLS 1.2 or higher
• Sensitive fields (SSH keys, API tokens, 2FA secrets) are encrypted at rest using AES-256
• Passwords are hashed using bcrypt
• Database backups are encrypted before upload to object storage
• Infrastructure runs on secured servers with regular security updates
• Two-factor authentication (TOTP) available for all accounts

7. Your Rights

You have the right to:

• Access your personal data — available via the dashboard or by email request
• Correct inaccurate data through your profile settings
• Delete your account and all associated data — contact support
• Export your data in a portable format
• Revoke API tokens at any time from the dashboard
• Opt out of non-essential emails

To exercise any of these rights, contact us at privacy@wokku.cloud.

8. International Data Transfers

Wokku is operated from Indonesia with infrastructure in multiple regions. By using our service, you consent to the transfer of your data across international borders as necessary to provide the service. We use industry-standard safeguards for all cross-border data transfers.

9. Children's Privacy

Wokku is not intended for users under the age of 13. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email to registered users at least 30 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

Questions about this Privacy Policy or our data practices? Contact us:

• Email: privacy@wokku.cloud
• Support: support@wokku.cloud
• Website: wokku.cloud