Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This document establishes Fly.io's data collection, processing, and disclosure practices for developers and businesses using its cloud hosting platform. The policy authorizes Fly.io to collect account details, billing information, usage logs, and support communications, and permits sharing of personal data with third-party service providers, business partners, and acquirers in corporate transactions including mergers and acquisitions. The policy establishes data subject rights for individuals in the EU, UK, and California, exercisable through contact with Fly.io at specified contact details.
This document is Fly.io's Privacy Statement, governing the collection, use, and disclosure of personal data by Superfly, Inc. in connection with its cloud application hosting platform and related services. The statement asserts that Fly.io collects account information, payment data, usage and log data, communications content, and customer application data, and the terms authorize sharing this information with service providers, business partners, and in connection with corporate transactions such as mergers or acquisitions. Notably, the statement positions customer application data (data belonging to end users of applications deployed on Fly.io infrastructure) as distinct from Fly.io's own data collection, placing primary responsibility for that data on the deploying customer; this operator-versus-controller distinction is operationally significant but its precise legal weight depends on applicable data protection law and the existence of appropriate data processing agreements. The statement references compliance obligations for EU and UK users under GDPR-equivalent frameworks, California residents under CCPA, and acknowledges data transfers outside the EEA, engaging the FTC's jurisdiction over unfair or deceptive data practices in the US context and EU supervisory authority jurisdiction for European residents. Material compliance considerations include the adequacy of data transfer mechanisms for cross-border transfers, the sufficiency of contractual arrangements between Fly.io and its customers who process end-user data on the platform, and the clarity of retention and deletion practices described in the policy.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trialMonitoring
Fly.io has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Customer Application Data Processing and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.