ontime.sh — privacy policy

last updated 2026-04-23.

ontime.sh is built to collect as little about you as possible. You sign up with an SSH key, not an email. Here's exactly what we store and why.

what we collect

• Your SSH public key and a fingerprint-derived account ID. This is your identity.
• Jobs you deploy: the script source, schedule, name, resource knobs. Stored so we can run them.
• Env values you set: encrypted at rest with AES-256-GCM using a master key that lives only on the server. Decrypted in memory only at the moment of a run.
• Run metadata and logs: start time, exit code, stdout/stderr. Retained per your tier (7 / 30 / 90 days).
• Connection metadata: source IP and timestamp of SSH sessions, kept in systemd journals for up to 14 days for abuse investigation.
• Billing info (paid tiers only): handled by Stripe. We see the email, country, and last four of the card. We never see the full card number.

what we don't collect

• No web analytics, no cookies, no trackers on this site.
• No email address for free-tier users.
• No real name, phone, or address unless you voluntarily send it.
• No content of the network traffic your jobs make — we can see bytes-in/out totals for billing, not payloads.

who sees your data

ontime.sh operators can see: your pubkey, job list, job source, run logs, and connection IPs. Operators cannot see the plaintext of env values without active access to the running server — encryption is at rest only, not end-to-end. Treat operators as trusted with your code and logs.

We don't sell, rent, or share your data with third parties. Subprocessors we use:

• Hetzner — hosts the bare-metal server.
• Stripe — payments, paid tiers only.

We disclose data to law enforcement only under a valid legal order binding on the hosting jurisdiction.

security

• SSH transport encryption end-to-end.
• Env values sealed with AES-256-GCM; master key at mode 0600 on the server.
• User jobs run in per-run Firecracker microVMs — no persistence or cross-user visibility beyond what's in our database.
• Nightly encrypted backups of the accounts DB and master key to a separate host.

your rights

You can, at any time:

• List and delete your jobs over SSH.
• Email hi@ontime.sh with your account ID to request export or full deletion of your data. Deletion is permanent and usually completes within 7 days.

If you're in the EU/UK, the above satisfies your GDPR rights of access, deletion, and portability. Our legal basis for processing is contract (running the jobs you ask us to run) and legitimate interest (abuse prevention).

data location

Servers are in the EU (Hetzner, Germany). Backups are encrypted and stored in the same region. If we add US or other regions, we'll update this page.

changes

Posted here with a bumped date. Material changes get emailed to active paid accounts.

contact

hi@ontime.sh