Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Fly.io's privacy policy, explaining what personal information the company collects from developers and businesses who use its cloud hosting platform, including account details, billing information, usage logs, and support communications. The most important thing for users to know is that Fly.io may share your personal data with third-party service providers, business partners, and potential acquirers in a sale or merger, meaning your data could transfer to new hands without requiring your individual consent. If you are located in the EU, UK, or California, the policy grants you specific rights to access, correct, or delete your data, which you can exercise by contacting Fly.io directly at the contact details provided in the policy.
This document is Fly.io's Privacy Statement, governing the collection, use, and disclosure of personal data by Superfly, Inc. in connection with its cloud application hosting platform and related services. The statement asserts that Fly.io collects account information, payment data, usage and log data, communications content, and customer application data, and the terms authorize sharing this information with service providers, business partners, and in connection with corporate transactions such as mergers or acquisitions. Notably, the statement positions customer application data (data belonging to end users of applications deployed on Fly.io infrastructure) as distinct from Fly.io's own data collection, placing primary responsibility for that data on the deploying customer; this operator-versus-controller distinction is operationally significant but its precise legal weight depends on applicable data protection law and the existence of appropriate data processing agreements. The statement references compliance obligations for EU and UK users under GDPR-equivalent frameworks, California residents under CCPA, and acknowledges data transfers outside the EEA, engaging the FTC's jurisdiction over unfair or deceptive data practices in the US context and EU supervisory authority jurisdiction for European residents. Material compliance considerations include the adequacy of data transfer mechanisms for cross-border transfers, the sufficiency of contractual arrangements between Fly.io and its customers who process end-user data on the platform, and the clarity of retention and deletion practices described in the policy.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trialMonitoring
Fly.io has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle Customer Application Data Processing and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.