Legal
Privacy Policy
Last updated: July 5, 2026
At Aditya Web Services ("we", "us", or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use the Mini Lambda platform ("Service"). By using the Service, you consent to the practices described in this policy.
1. Information We Collect
Account Information
When you register, we collect your name, email address, and a hashed version of your password. We never store plaintext passwords — all passwords are hashed using bcrypt before storage.
Function Code & Data
When you deploy functions, we store your uploaded code archives in Google Cloud Storage and may store raw code content in our database for the Web IDE feature. Environment variables you configure are stored alongside your function metadata.
Execution Data
We collect and store execution metadata including status, duration, CPU time, memory usage, timestamps, and log output. This data is used to provide execution history, debugging capabilities, and usage analytics in your dashboard.
API Keys
When you generate API keys, we store only the SHA-256 hash of the key along with metadata such as creation date, name, and last usage timestamp. The raw key value is displayed only once and is never stored.
Usage & Analytics
We collect aggregated usage metrics including total executions, success/failure counts, and monthly usage statistics. We also collect HTTP request metrics (Prometheus) for platform performance monitoring.
2. How We Use Your Information
- Providing the Service: To execute your functions, display execution results, manage your account, and deliver the dashboard experience.
- Authentication: To verify your identity through JWT tokens, refresh tokens, and API key validation.
- Security: To send OTP verification emails, detect abuse, and enforce rate limits.
- Billing: To process subscription payments and maintain transaction records.
- Platform Improvement: To monitor system performance, identify issues, and improve the Service.
3. Data Storage & Security
Your data is stored across multiple secure infrastructure services:
- Database: Account data, function metadata, execution records, and logs are stored in a Neon Serverless PostgreSQL database with TLS encryption in transit.
- Cloud Storage: Function code archives are stored in Google Cloud Storage with signed URL access controls.
- Queue System: Execution jobs and real-time log messages transit through Upstash Redis with TLS encryption. These are ephemeral and not persisted long-term.
We implement industry-standard security measures including bcrypt password hashing, JWT token rotation, CORS origin whitelisting, request rate limiting, and HTTPS encryption for all API communications.
4. Third-Party Services
We integrate with the following third-party services that may process your data according to their own privacy policies:
- Razorpay — Processes payment transactions for subscription upgrades. We do not store your payment card details; all payment data is handled by Razorpay.
- Resend — Sends transactional emails including OTP verification codes and password reset emails. Your email address is shared with Resend for this purpose.
- Google Cloud Storage — Stores your uploaded function code archives. Files are accessed via time-limited signed URLs.
- Neon — Hosts our PostgreSQL database infrastructure.
- Upstash — Provides managed Redis for job queues and real-time messaging.
5. Cookies & Authentication Tokens
We use httpOnly cookies to store JWT access tokens (15-minute expiry) and refresh tokens (1-day expiry) for session management. These cookies are essential for authentication and are not used for tracking or advertising purposes. We do not use third-party tracking cookies or analytics scripts.
6. Data Retention
We retain your data for as long as your account is active and as needed to provide the Service. Specific retention periods include:
- Account data is retained until you delete your account.
- Execution logs and metadata are retained indefinitely for your reference unless you request deletion.
- Deleted functions are soft-deleted (marked with a timestamp) and may be permanently removed after a retention period.
- Payment transaction records are retained as required by applicable financial regulations.
7. Your Rights
You have the following rights regarding your personal data:
- Access: View your account information, execution history, and usage data through the dashboard.
- Correction: Update your name and email address through the dashboard settings.
- Deletion: Request deletion of your account and associated data by contacting us.
- Portability: Export your function code and execution data through the API.
- Revocation: Revoke API keys and log out of all sessions at any time.
8. Children's Privacy
The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
10. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us through the support channels available in your dashboard, or reach out to Aditya Web Services directly.