Privacy Policy

Deep visibility into your APIs

Effective date: 5/16/2020


We collect your information only with your consent, or on another legal basis. We only collect the minimum amount of information that is necessary to fulfill the purpose of your interaction with us. We don't sell any personal information to any third parties, and we only use data as this privacy policy describes. No matter where you are, where you live, or what your citizenship is, we provide the same standard of privacy protection to all our users around the world, regardless of your country of origin or location.

A. What information we collect and why

1. Website visitors

We collect anonymous data about visits to our website, including pages viewed, browser/device type and approximate geographic location. We gather this information to improve the visitor experience and performance of our website, and for statistical purposes to track how many visitors we have and what resources are accessed most often.

2. Self-hosted databases

We track how many times our software is downloaded from DockerHub, to understand how many customers have deployed each version of our software.

After installing your database, you will provide usage data (specifically HTTP request and response data) by adding a logger to your applications. This usage data is processed and loaded into your database, so that you can query this data from your favorite database tools. None of your usage data is shared with Resurface Labs.

Our software has an option to create "support bundles" when requested by a customer. These include configuration and log files for troubleshooting purposes. Support bundles contain text files (not binary files) so that customers can inspect these to see what information is being shared.

3. Hosted databases

We collect email addresses and credit card numbers for customers of our hosted databases, which we use for customer support and for billing purposes. We keep customer records about payment history and interactions with technical support. We'll provide you with any data about your account history upon request.

After your database is provisioned, you will provide usage data (specifically HTTP request and response data) by adding a logger to your applications. This usage data is processed and loaded into your database, so that you can query this data from your favorite database tools. None of your usage data is shared with Resurface Labs.

B. What information we do not collect

1. Website visitors

When you visit our website, we do not collect any personal information about you. We do not collect IP addresses or other data to uniquely identify or track you. We don't use any third-party tracking services, like Google Analytics, because those are totally lame.

2. Self-hosted databases

We do not collect any data that uniquely identifies customers who download software from DockerHub.

Self-hosted databases operate completely independently of Resurface Labs. There are no "phone home" capabilities where data is automatically sent to Resurface Labs or to any third parties. Support bundles generated by our software do not include any usage data, and so do not contain any sensitive user PII.

3. Hosted databases

We do not intentionally collect any usage data outside the context of your hosted database. We do not maintain any copies or backups of your usage data. No data stored in your hosted database is visible to Resurface staff. If your usage data includes sensitive personal information, you are responsible for complying with any regulatory controls regarding that data.

C. How we share the information we collect

We do not share, sell, rent or trade any collected data with any third parties for any purpose.

We do not host advertising on, nor do we sell any information to advertisers or marketers. We may occasionally embed content from third-party sites, such as YouTube, and that content may include ads. While we try to minimize any ads our embedded content contains, we can't always control what third parties show.

D. Our use of cookies and tracking

Our online services use first-party persistent cookies for the sole purpose of optimizing and load-balancing network communication to our services. These cookies are strictly necessary for us to provide these services. By using our online services, you consent to allow storing these cookies on your computer or device. These cookies are very small and are not stored for more than one year. These cookies do not store any personal information that identifies you.

We do not rely on any third-party services that create cookies or otherwise attempt to track our users. We do not use cookies or tracking technologies to enable correlating use of our online services with any other online services in any way. We do not use "supercookies" or any similar techniques for permanently tracking a user device. We do not use email tracking technologies (like pixel tags) for any emails we send. We do not ask for user consent to allow any type of user tracking, simply because we do not perform this kind of tracking.

E. How we secure your information

1. General practices

We take all measures reasonably necessary to protect your data from unauthorized access, alteration or destruction; to maintain data accuracy; and to help ensure the appropriate use of your data. We follow generally accepted industry standards to protect data submitted to us, both during transmission and once we receive it. Specific guidelines and best practices for our software are described in our security guide.

No method of transmission or retention of user data is 100% secure. We cannot guarantee absolute security, but we strive for the highest standards of care when designing and running our services.

2. Self-hosted databases

When running your own database, it's important that you follow the security guide, as well as other standard industry practices for securing the systems and networks involved. Resurface Labs cannot be responsible for security factors outside the context and control of our software.

3. Hosted databases

For customers of our hosted databases, your usage data will be stored to a database instance that is dedicated to your account. Your usage data is never stored on any system that also stores data for another Resurface customer. Your usage data cannot be accessed by other customers or by our staff. Usage data will be retained in your database until removed to make room for newer data, or after a predefined interval of time has passed. All usage data is immediately destroyed if you cancel your service or ask that your database be deleted. When requested, we will collect an audit trail of all access to your database.

F. How to report a complaint

If you have questions or concerns, please contact us immediately. We want to help and will respond promptly.

Data Protection Officer:
Rob Dickinson
[email protected]
5323 Deer Creek Ct, Boulder CO 80301 USA

You have the right to lodge a complaint with the appropriate supervisory authority in your jurisdiction, in the unlikely event that we are unable to resolve your complaint to your satisfaction.

G. How to control the information we collect

Our logging libraries are always configured with logging rules that control what information is collected. Strict logging rules are active by default, so that common forms of personally identifying information are automatically removed. Users may configure logging rules to allow additional detail to be collected (when it is appropriate to do so), for detecting user consent or to randomly sample usage data. Please see our online documentation for more information about logging rules.

H. How we communicate with you

We communicate company updates through our blog, our public Slack channel, and through social media.

We use email to communicate with individual customers, except for those who ask to use Slack instead. We only collect email addresses from customers who sign up for a hosted database. We do not currently maintain a mailing list for sending bulk emails.

I. Global privacy practices

Information that we collect will be retained and processed in the United States in accordance with this privacy policy. However, we understand that users from different countries and regions have different privacy expectations, and we strive to meet those needs. We provide the same standard of privacy protection to all our users around the world, regardless of their country of origin or physical location.

J. Changes to our privacy policy

Although most changes are likely to be minor, Resurface Labs may change this privacy policy from time to time. We will provide notification to users of changes to this policy through our website at least 30 days prior to the change taking effect by announcing the change on our blog and Slack channel.

K. Revision history

  • 5/28/2018 - original version
  • 4/8/2019 - collection and use of website visitor data
  • 8/16/2019 - additions to cover hosted databases
  • 5/16/2020 - removed references to demo environment (deprecated)