Privacy Policy

Restorely is operated by MCKE LLC, an Illinois single-member LLC. This policy explains how we collect, use, store, share, and delete data when you use Restorely.

Linear OAuth tokens, encrypted before storage, so Restorely can access the Linear workspace you authorize.

Linear workspace data that you choose to back up, including supported issues, comments, projects, cycles, documents, labels, teams, workflow states, and Linear-hosted attachments.

Account and billing contact data such as email address, plan, subscription status, and Stripe customer identifiers.

Customer-supplied alert webhook URLs and failure-notification records when you configure webhook delivery.

Privacy-safe analytics data, including funnel events and IP hashes. We hash IP-derived analytics inputs before storage and do not store raw IP addresses as analytics identifiers.

We use data to connect your Linear workspace, create and verify backup snapshots, support restore workflows, run billing, prevent abuse, debug failures, and improve the service.

We do not sell customer workspace data. We do not use customer workspace data for third-party advertising.

Backup objects are stored in Cloudflare R2 with an Eastern North America (ENAM) location hint and Cloudflare's default jurisdiction; Cloudflare prefers ENAM data centers but may store data in other regions Cloudflare operates. Application metadata is stored in Neon Postgres in a us-east region configuration.

Restorely is hosted on Vercel. Operational logs may be processed by our hosting and infrastructure providers to keep the service reliable and secure.

Sensitive backup data is protected with AES-256-GCM envelope encryption using per-tenant data encryption keys.

OAuth tokens are encrypted before storage. Access to production systems is limited to people and systems that need it to operate Restorely.

No security program removes all risk. Encrypted snapshots, plain restore reports, and narrow data scope. Restorely does not claim SOC 2 certification, does not provide procurement documents, and does not support regulated data.

Stripe processes payments and billing events. Linear provides the OAuth connection and source workspace data you authorize. Cloudflare R2 stores encrypted backup objects. Neon stores application metadata. Vercel hosts the web application. Resend sends customer emails when email delivery is configured.

These providers process data under their own terms and privacy policies. We choose providers that are appropriate for a security-sensitive SaaS product and limit what each provider receives to the role it performs.

Restorely uses a tenant session cookie to keep authenticated customers connected to the right workspace. The cookie is HttpOnly, Secure, and SameSite=Lax.

We do not use third-party tracking cookies.

We collect privacy-safe funnel events so we can understand whether signup, OAuth, billing, and self-serve product flows work.

We do not store raw personally identifiable information in analytics events. Inputs such as IP-derived values are hashed before storage.

Customers can request deletion by contacting hello@restorely.io. We may need to verify the requester controls the relevant Restorely account or Linear workspace before deleting data.

Free snapshots are retained for 7 days, Starter snapshots for 30 days, Pro snapshots for 90 days, and Business snapshots for 365 days. After cancellation or deletion request, backup snapshots are purged from active storage when the applicable retention window or deletion workflow completes, except for limited records we need for billing, security, legal compliance, or abuse prevention.

Restorely beta is not available to customers in the European Economic Area, the United Kingdom, or Switzerland.

Restorely does not currently market to or process personal data of EU residents and does not claim GDPR readiness. Do not connect a Linear workspace containing personal data of people in those jurisdictions.

California residents may have rights to know, access, correct, delete, and opt out of certain sharing of personal information.

Restorely does not sell personal information. To make a California privacy request, contact hello@restorely.io.

If we confirm a data breach involving customer personal data, we will notify affected customers without undue delay and within 72 hours when legally required.

We will include what happened, what data was involved, what we are doing, and what customers can do to reduce risk when that information is available.

We may update this policy as Restorely changes. For material privacy changes, we will provide notice before the change takes effect when practical.

Questions or privacy requests: hello@restorely.io.