Privacy Policy

This Privacy Policy explains how Orkait collects, uses, stores, shares, and protects information when you use Rustbox, including the website, documentation, playground, dashboard, API, SDKs, OAuth sign-in, beta access forms, and webhook features.

Rustbox is a developer service for executing code in isolated runtime profiles. Because submitted code and execution metadata can contain sensitive information, you should avoid sending secrets, production credentials, regulated data, or confidential third-party data unless you have a written agreement that permits it.

For privacy questions, deletion requests, or account support, contact [email protected].

We collect information you provide directly, information generated when you use the service, information created by sandbox executions, and limited technical metadata needed to operate and protect the service.

The table below describes the main categories. Actual data collected depends on whether you browse the website, sign in, request beta access, use the playground, call the API, create projects, configure webhooks, or contact support.

We receive information from you when you create an account, sign in, request access, submit jobs, configure projects, create API keys, send support messages, or configure webhooks.

We receive information from OAuth providers such as GitHub or Google when you choose to authenticate with them, subject to their own terms and privacy policies.

We automatically generate execution data, request metadata, rate-limit events, security logs, and operational metrics when the website, dashboard, API, or runtime infrastructure is used.

We use information to authenticate users, run sandbox jobs, return verdicts, deliver webhooks, enforce rate limits, allocate queues, manage projects, provide support, detect abuse, secure infrastructure, debug failures, improve reliability, and communicate service changes.

We may use aggregated or de-identified operational metrics to understand performance, capacity, product usage, language popularity, queue behavior, and infrastructure reliability.

We do not use submitted code, stdin, outputs, or execution payloads to train AI models. We do not sell personal information. We do not share personal information with advertisers.

Where privacy law requires a legal basis, we process information to perform a contract with you, operate the service at your request, pursue legitimate interests such as security and abuse prevention, comply with legal obligations, or act with your consent where consent is required.

You may withdraw consent where processing is based on consent, but withdrawal may not affect processing that already occurred or processing needed for security, legal obligations, or contract performance.

We may share information with service providers that help operate Rustbox, such as hosting providers, database providers, identity providers, email or support systems, logging and monitoring tools, payment processors if paid plans are enabled, and security or abuse-prevention services.

We may disclose information if required by law, legal process, security incident investigation, fraud prevention, enforcement of these terms, protection of rights and safety, corporate transactions, or with your direction or consent.

We do not allow service providers to use personal information for their own advertising purposes. They may process information only as needed to provide services to Orkait or as legally required.

We retain information only as long as reasonably needed for the purposes described in this policy, including account operation, execution history, quotas, support, security, abuse investigation, legal obligations, and audit needs.

Beta retention periods may change as the product matures. When deletion is requested, we delete or de-identify eligible data unless retention is needed for security, fraud prevention, dispute resolution, legal compliance, backup restoration, or legitimate operational reasons.

Backups and logs may take additional time to expire from all systems. We do not promise that data can be removed instantly from immutable backups or incident archives.

Rustbox uses technical and organizational safeguards designed for a developer runtime service, including sandbox isolation, credential controls, rate limiting, logging, access restrictions, and operational monitoring.

No online service can guarantee perfect security. You are responsible for protecting API keys, secrets, OAuth sessions, webhook signing secrets, client-side storage, and any data you submit to the service.

If you believe an account, API key, webhook secret, or submission has been compromised, contact support and rotate affected credentials as soon as possible.

Rustbox may use cookies for session authentication, security, and interface state. Some components may store preferences in local storage, such as playground settings or dashboard state.

These technologies help keep you signed in, remember UI choices, and operate the product. Clearing browser storage may sign you out or reset preferences.

Rustbox does not use advertising pixels. If analytics or monitoring tools are introduced in the future, this policy should be updated to describe them accurately.

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to processing of personal information. You may also have the right to appeal or lodge a complaint with a regulator.

You can revoke API keys, remove webhook endpoints, clear local browser storage, stop using the service, or request account deletion. Some operational records may remain where needed for security, legal, or abuse-prevention reasons.

To exercise a privacy right, email [email protected] from the address associated with your account. We may need to verify your identity before completing the request.

Rustbox is intended for developers, organizations, educators, and technical users. It is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

If you use Rustbox in an educational setting, you are responsible for obtaining any required notices, permissions, school approvals, or agreements before submitting student data or student code.

Rustbox may process information in countries where Orkait, hosting providers, infrastructure vendors, or service providers operate. Those countries may have different privacy laws than your location.

Where required, Orkait will use appropriate safeguards for cross-border transfers, such as contractual protections or other recognized transfer mechanisms.

We may update this Privacy Policy as Rustbox changes, data practices change, legal requirements evolve, or new product features are added.

The last-updated date identifies the current version. Continued use of Rustbox after an update means the updated policy applies to future use.