Privacy Policy

Last updated: February 27, 2026

What we collect

Stockyard collects the minimum data necessary to provide our services.

Self-hosted (Free tier): We collect nothing. The binary runs entirely on your infrastructure. No telemetry, no phone-home, no analytics. Your LLM traffic, API keys, prompts, and responses never leave your machine.

Paid tiers: When you sign up for a paid Stockyard plan, we collect:

• Email address (for account management and communication)
• Organization name (for your workspace)
• Payment information (processed by Stripe; we never see or store your full card number)

Website: stockyard.dev does not use cookies, tracking pixels, or third-party analytics. We use basic server-side request logs (IP, timestamp, path) for operational monitoring, retained for 30 days.

How we use your data

Paid tier data is used solely to operate your Stockyard instance, send transactional emails (receipts, security alerts), and respond to support requests. We do not sell, share, or monetize your data in any way.

LLM traffic

Whether self-hosted or on a paid plan, your LLM requests and responses pass through the Stockyard proxy to your configured providers. Stockyard stores trace metadata (model, token count, latency, cost) per your retention settings. Prompt and response content is stored only if you explicitly enable it in Lookout settings. You can delete all trace data at any time via the API.

Provider API keys

API keys you configure for LLM providers (OpenAI, Anthropic, etc.) are encrypted at rest using AES-256-GCM. On self-hosted deployments, keys are stored in your local SQLite database. On Cloud, keys are stored in encrypted storage with per-tenant isolation.

Data retention

Cloud tier data is retained according to your plan: 90 days (Pro), 1 year (Team), unlimited (Enterprise), or per your agreement. Self-hosted (Free tier) retention is unlimited — you control your own data. You can export or delete your data at any time. Upon account deletion, all data is purged within 30 days.

Third parties

We use Stripe for payment processing and Railway for Cloud infrastructure hosting. We do not share data with any other third parties. We do not use any advertising networks or data brokers.

Security

Stockyard uses TLS for all connections, encrypts sensitive data at rest, and maintains a hash-chained audit ledger (Brand) for tamper-evident logging. If you discover a security vulnerability, please report it to security@stockyard.dev.

Changes

We may update this policy as our services evolve. Material changes will be announced via email to Cloud users and posted to our changelog. Continued use after changes constitutes acceptance.

Contact

Questions about privacy? Email privacy@stockyard.dev.