1. Who we are
Plynf is an open-source runtime for AI agents, distributed under the Apache 2.0 license. This policy covers the website at plynf.com and the optional hosted cloud product. The self-hosted runtime that you install on your own infrastructure does not transmit any data to us.
2. What we collect on the website
- Standard server logs (IP address, user agent, referrer, timestamp). Retained for 30 days. Used for abuse detection and capacity planning.
- Anonymous page-view counters via a self-hosted Plausible instance. No cookies, no fingerprinting, no cross-site tracking.
- If you submit a form, the fields you fill in. We only ask for what we need.
3. What the self-hosted runtime sends back to us
Nothing. Period. The Plynf runtime you install on your own infrastructure does not phone home, does not send install pings, does not collect usage analytics, does not check for updates over the network unless you explicitly run plynf update. The only outbound traffic the runtime initiates is to the model providers you configure (Anthropic, OpenAI) and the OAuth-tool endpoints you connect (GitHub, Slack, etc.).
We can verify this claim from outside, and so can you: tcpdump or your firewall logs will show zero packets to any plynf.com endpoint from a running self-hosted install.
4. What we collect in the hosted cloud
If you create a Plynf Cloud account: your email, account name, billing details (handled by Stripe, see their policy), and the workspaces, files, and tool-call metadata that you push to the platform.
We do not read the contents of your workspaces or train models on your data. Engineering staff access is gated behind a break-glass workflow that produces a permanent audit entry.
5. Cookies
The marketing site does not set tracking cookies. The hosted dashboard sets a single, strictly-necessary session cookie when you log in. That is the entire list.
6. Third parties
- Stripe for payments (cloud customers only)
- Cloudflare for DDoS protection and CDN
- Netlify for serving this marketing site
No analytics SaaS, no ad networks, no session replay, no chat widgets.
7. Where data lives
EU customers: data stays in eu-central-1 (Frankfurt). US customers: us-east-1 (Virginia). You pick the region at signup. Cross-region replication only happens if you explicitly opt in.
8. Your rights (GDPR + CCPA)
You can request a full export of your data, ask us to delete your account and everything in it, or correct anything we got wrong. Email privacy@plynf.com. We respond within 30 days, usually faster.
9. Changes
If we change this policy in any material way, we will email every account holder at least 30 days before the new version takes effect. The diff lives in the open-source repo so you can audit it.
10. Contact
privacy@plynf.com for anything covered above. security@plynf.com for vulnerability reports. Postal address on the imprint page.