Privacy Policy

Effective date: July 3, 2026

1. Who We Are

Verlex ("we", "us", "our") operates the cloud compute orchestration platform available at verlex.dev. We route Python workloads to low-cost cloud infrastructure on your behalf across multiple cloud providers, including AWS, Google Cloud, Microsoft Azure, Verda, RunPod, Vast.ai, JarvisLabs, Hyperstack, TensorDock, Lyceum, Beam, Northflank, Novita, and Cerebrium. The Service is currently in private beta.

For any privacy-related questions, contact us at support@verlex.dev.

2. Information We Collect

Account data: Name and email address provided when signing up. Authentication is handled by Clerk, our identity provider.

Usage data: Job submission timestamps, execution duration, resource usage (CPU, memory, GPU), provider and hardware selection, and job status. We retain job records, execution logs, and error traces after a job completes so that you can review results, retrieve logs, and audit your billing history.

Billing data: Payment card details are handled entirely by Stripe and never touch our servers. To support automatic top-ups we store the Stripe payment method identifier, the card brand, and the last four digits of the card, along with transaction records (amount, date, currency, credit balance). We never store full card numbers.

Technical data: IP address, browser type, and referral URL collected automatically when you access our website. We use this solely for security and performance monitoring.

Your code and data: The Python functions, arguments, and files you submit are serialized, transmitted securely, and executed on compute instances that are ephemeral: after your job finishes, the instance is either destroyed or wiped and sanitized before any reuse. We do not read, analyze, or train on your code.

Stored files: If you upload workspace files or your jobs produce checkpoints, artifacts, or results, those are stored in Cloudflare R2 object storage under your account, count against your plan's storage quota, and remain available to you until they expire under our lifecycle rules or you delete them (see Section 5).

3. How We Use Your Information

  • To provision cloud infrastructure and execute your workloads
  • To calculate and deduct compute credits accurately
  • To send transactional emails (job completion, billing receipts, service alerts)
  • To detect and prevent abuse, fraud, and security incidents
  • To improve the platform (aggregate, anonymized analytics only)
  • To comply with applicable laws and legal obligations

We do not sell your data. We do not use your data for advertising or share it with data brokers.

4. Third-Party Services and Subprocessors

We work with the following processors to deliver the service:

  • Clerk: authentication and user session management
  • Stripe: payment processing, subscriptions, and billing
  • Supabase: database hosting (user accounts, credits, job records, audit logs)
  • Cloudflare R2: object storage for your workspace files, checkpoints, artifacts, and results
  • Sentry: error monitoring and telemetry for platform failures
  • Railway: infrastructure hosting for our backend
  • Vercel: hosting for our website
  • Cloud compute providers: AWS, Google Cloud, Microsoft Azure, Verda, RunPod, Vast.ai, JarvisLabs, Hyperstack, TensorDock, Lyceum, Beam, Northflank, Novita, and Cerebrium act as subprocessors that provide the ephemeral compute instances and serverless containers on which your jobs run

Each processor is bound by its own privacy policy and applicable data processing terms.

5. Data Retention

  • Compute instances: ephemeral. After a job, the instance is terminated, or wiped and sanitized before any reuse. Nothing from your job persists on provider hardware.
  • Temporary workspace files: files uploaded for job execution are automatically deleted after a short period of inactivity, typically within about one day of their last use.
  • Job outputs, checkpoints, and artifacts: retained in your account's storage so you can retrieve them after completion, subject to your plan's storage quota and lifecycle rules, until they expire or you delete them.
  • Job records and logs: retained as part of your account history for billing accuracy, support, and auditing.
  • Account and billing records: retained while your account is active and as required for legal, tax, and accounting purposes. Upon account closure we delete personal data that we are not legally required to keep.

6. Security

  • API keys are stored only as SHA-256 hashes. We never store your API key in plaintext, and it cannot be recovered from our database.
  • Secrets you store with us (such as environment variables for your jobs) are encrypted at rest, and encryption is mandatory in our production environment.
  • We keep structured audit logs of security-relevant events, including logins, API key creation and use, job activity, secret access, and billing charges.
  • Payment webhooks from Stripe are cryptographically verified before processing.

7. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Your Rights

Depending on your location, you may have the right to:

  • Access: request a copy of the personal data we hold about you
  • Rectification: request correction of inaccurate data
  • Erasure: request deletion of your account and associated data
  • Portability: receive your data in a machine-readable format
  • Objection: object to certain processing activities
  • Opt-out of marketing: unsubscribe from non-essential emails at any time

To exercise any of these rights, email support@verlex.dev. We will respond within 30 days.

9. International Data Transfers

Your data may be processed in the United States or other countries where our cloud infrastructure and processors operate. In particular, compute for your jobs may run in any region offered by our cloud providers. We take appropriate safeguards to ensure your data is protected in accordance with this policy regardless of location.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.

11. Contact

Privacy questions or requests: support@verlex.dev