Privacy Policy

Last Updated: 01/01/2025

Welcome to Instantly.run (the “Service”), operated by Instantly Ltd (“we,” “us,” or “our”). We respect your privacy and are committed to protecting it through our compliance with this Privacy Policy.

This Policy describes how we collect, use, disclose, and protect personal information when you use our Service, and your rights regarding that information. By using the Service, you agree to the terms and practices described in this Policy.

1. Who We Are

We are Instantly Ltd, a company registered in the United Kingdom. Our registered address is:
Square Root Business Centre, 102-116 Windmill Road, Croydon, Surrey, CR0 2XQ, London, UK.

If you have any questions about this Privacy Policy or our data practices, please contact us at:
support@instantly.run.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR), Instantly Ltd acts as the “data controller” for personal data we collect in connection with the Service.

2. Information We Collect

We collect and process different types of personal data for various purposes, including:

Account Information: When you sign up for an account, we may collect your name (first and last), email address, and other contact details you voluntarily provide.
IP Address: We collect IP addresses for security, logging, and analytics purposes.
Billing Information: Although we do not store your credit card details directly, we partner with third-party payment processors who handle your payment and billing information (card number, expiration date, CVV, and billing address). We may receive limited information from them (e.g., payment confirmations) necessary for record-keeping.
Usage Data: We collect information about how you interact with our Service, such as access times, pages viewed, system logs, and other usage details. We may also gather analytics through tools such as Google Analytics and Facebook Pixel to improve the Service and understand user behavior.
Container Registry Data: If you use our “docker run” or related commands, we may store your Docker images in our container registry. We do this to perform malicious scanning, antivirus checks, and to optimize the deployment process.

3. How We Use Your Information

We use the personal data we collect for the following purposes:

Service Provision and Account Management: To create and manage your account, provide the requested services, respond to inquiries, and offer customer support.
Security and Compliance: To maintain the integrity and security of our Service, including detecting and preventing fraud, abuse, or illegal activity. We may conduct vulnerability scanning and antivirus checks on Docker images to ensure compliance with our policies.
Custom Domain and SSL/TLS Services: If you choose to use a custom domain, we will assist in generating and renewing SSL certificates (e.g., via Let’s Encrypt) on your behalf, which may involve using the email address associated with your account. We terminate SSL/TLS at our load balancer/edge to route traffic into the cluster. By using a custom domain, you acknowledge and authorize us to request and manage SSL certificates for your domain.
Analytics and Improvement: We use analytics tools (e.g., Google Analytics, Facebook Pixel) to understand user behavior, improve our Service, and measure marketing effectiveness. We may collect cookie-based or anonymous identifiers to help us analyze trends and administer our website.
Legal Obligations: To comply with applicable laws, regulations, or legal processes and respond to lawful requests.
Marketing and Communications (if applicable): To send you promotional materials or updates about new features or services, in compliance with applicable laws. You can opt out of marketing emails at any time.

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases for processing your personal data:

Performance of a Contract: Where processing is necessary to provide the Service you requested.
Legitimate Interests: For security, analytics, improvement of our Service, and preventing fraudulent or malicious activity.
Consent: Where you have given consent to receive marketing communications or to use certain types of cookies and tracking technologies (subject to our separate Cookie Policy).
Compliance with Legal Obligations: Where we are required to comply with applicable laws and regulations.

5. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies (including third-party tools like Google Analytics and Facebook Pixel) to collect information about your use of our Service. For detailed information on how we use cookies and how you can control them, please refer to our separate Cookie Policy.

6. Data Retention

We keep your personal data for as long as necessary to fulfill the purposes for which we collected it, including any legal, accounting, or reporting requirements. While we do not have a fixed retention period, we regularly review the necessity of data storage. We will also delete or anonymize data upon valid request or when it is no longer needed, unless otherwise required by law.

7. Disclosure of Your Information

We may share your personal information in the following circumstances:

Service Providers: We use third-party vendors (e.g., hosting providers such as OVH Cloud, Google Cloud, Amazon Web Services) and payment processors to operate and support the Service. These vendors may have access to personal data, but only to the extent necessary to perform their services.
Legal Requirements: We may disclose your personal data if required by law, court order, or government regulation.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity.
Protection of Rights: We may disclose information to enforce our agreements, protect the security or integrity of the Service, or prevent harm to us, our users, or others.

8. International Data Transfers

We operate globally and may transfer, store, or process your personal data in data centers located in Europe, the United States, Africa, and Asia. Where we transfer personal data outside of the UK or European Economic Area, we implement appropriate safeguards (such as Standard Contractual Clauses) to ensure a similar level of data protection.

9. How We Protect Your Information

We implement industry-standard security measures designed to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

Despite our efforts, no security measure is perfect, and we cannot guarantee the absolute security of your data. If you have any concerns about the security of your data, please contact us at support@instantly.run.

10. Your Rights (GDPR and UK GDPR)

If you are located in the UK, EEA, or another region with similar data protection laws, you may have certain rights regarding your personal data, including:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of any inaccurate or incomplete data.
Erasure: Request deletion of your personal data when it’s no longer necessary for the purposes collected, or if you withdraw consent.
Restriction: Ask us to limit the processing of your personal data under certain conditions.
Portability: Receive your personal data in a structured, commonly used format.
Objection: Object to the processing of your personal data in certain situations, such as direct marketing.

To exercise these rights, please contact us at support@instantly.run. We will respond to your request in accordance with applicable law.

11. Log Data and Minimal Inspection

We collect logs (e.g., access logs, error logs) to ensure the stability and security of our Service. These logs may include IP addresses and timestamps. We do not otherwise inspect or store customer data transmitted via HTTPS, except to the limited extent necessary for debugging, security scanning, or legal compliance.

12. Third-Party Links

The Service may contain links to third-party websites or services that we do not own or control. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies carefully before providing any personal data.

13. Children’s Privacy

Our Service is not directed to children under the age of 16, and we do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

14. Custom Domains, SSL/TLS Termination, and IP Rights

When you use a custom domain with Instantly.run, you agree to:

Provide correct DNS configuration to route traffic to our infrastructure.
Authorize us to obtain and renew SSL certificates (e.g., from Let’s Encrypt) on your behalf using the email address associated with your account.
Accept that we terminate SSL/TLS at our load balancer or edge to forward traffic into our Kubernetes cluster.

We do not generally inspect or filter traffic passing through custom domains. However, we reserve the right to implement scanning or filtering at our discretion. Users remain responsible for any content or data served under their custom domain.

15. Copyright Infringement Notices

If you believe content hosted on Instantly.run infringes your copyright, please contact us at support@instantly.run with the following information (commonly referred to as a “DMCA Takedown Request” or similar copyright notice):

A physical or electronic signature of the person authorized to act on behalf of the owner of the copyright interest.
An identification of the copyrighted work claimed to have been infringed.
An identification of the material that is claimed to be infringing or to be the subject of infringing activity, and information reasonably sufficient to permit us to locate the material.
A statement by you that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
A statement by you, made under penalty of perjury, that the information in your notice is accurate and that you are the copyright owner or authorized to act on the copyright owner’s behalf.
Your name, address, telephone number, and email address.

Upon receipt of a valid notice, we will promptly investigate and take any actions required under applicable laws.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we post changes, we will revise the “Last Updated” date at the top of this page. If we make material changes, we will provide you with notice (e.g., by email or a prominent notice on our website) prior to the change becoming effective.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
support@instantly.run.