Skip to content
Legal

Privacy Policy

Last updated June 1, 2026.

1. What we collect

Account data: when you sign in through Keystone we receive your identifier, email, and the organizations and projects you belong to. We do not operate a separate password store; authentication is delegated to the L1fe identity platform.

Operational data: provisioning requests, lifecycle actions, credential mints, and agent invocations are recorded with their principal, org, project, timestamp, and the affected rig. This is the audit trail the product is built on.

Usage data: desktop minutes, OS image, size, and region are metered per session through Garden for billing and quota enforcement.

2. What happens inside a rig

Desktop sessions are isolated per rig with their own network and filesystem namespace. We do not inspect the contents of your desktop sessions in the normal course of operations.

Stateless rigs are destroyed on stop and leave no persisted state. Persistent rigs store snapshots encrypted at rest, scoped to your tenant.

Live-session credentials are generated on demand, never persisted server-side, and expire within minutes.

3. How we use data

To operate the service: scheduling, scoping, metering, and billing.

To secure the service: detecting abuse, enforcing quotas, and investigating incidents using the audit trail.

To improve the service: aggregate, de-identified usage statistics. We do not sell personal data and we do not use the contents of your desktop sessions to train models.

4. Sharing

Within the L1fe platform: identity flows through Keystone, usage through Garden, and workloads through Omega — each bound by the same tenancy model described here.

Subprocessors: infrastructure providers that host the desktop runtime (including sanctioned Apple hardware providers for macOS sessions). Subprocessors are bound by data processing agreements.

Legal: we disclose data only when required by law, and we notify affected customers unless legally prevented.

5. Retention and deletion

Audit and billing records are retained for the period required for financial and security compliance.

Snapshot storage is deleted when you delete the rig or your account, subject to a short recovery window.

You can request export or deletion of your personal data through the contact form; we respond within 30 days.

6. Contact

Questions about this policy go to the contact form with the topic set to 'Something else', or to the address provided in your enterprise agreement.