Privacy Policy
Last reviewed:
This Privacy Policy explains what BotFlow Lab collects when you visit keyrotate.dev or use the keyrotate CLI tool, how that information is used, and how you can exercise rights over it. The short version: we collect essentially nothing through the tool, and the minimum possible through the website.
Who we are
BotFlow Lab ("we", "us") operates the keyrotate open-source project and the keyrotate.dev website. Contact: privacy@keyrotate.dev.
The keyrotate CLI tool
The CLI does not collect, transmit, or store any personal data on systems we control. No telemetry, no analytics, no error reporting, no auto-update check. See the Data Handling Notice for a detailed list of what the CLI does and does not do.
The website
The website is statically hosted on Netlify. We do not run analytics, cookies, or third-party trackers. Netlify automatically logs basic request metadata (IP address, User-Agent, requested URL, Referer, status code) for up to 30 days for abuse prevention and routing. That data is governed by Netlify's Privacy Notice.
Email correspondence
If you email us at privacy@keyrotate.dev, security@keyrotate.dev, or any other address we publish, we retain the message and any data you include while we handle your request. We do not use that data for any other purpose.
Legal basis (GDPR)
- Legitimate interests — for retaining short-lived CDN access logs to detect and prevent abuse of the website.
- Consent — when you voluntarily send us an email or open a GitHub issue. You may withdraw consent and ask us to delete a message at any time.
Your rights
Depending on your jurisdiction (GDPR / EEA, CCPA / California, PDPA / Thailand, others), you may have the right to: request access to data we hold about you, request correction or deletion, request a portable copy, restrict processing, or lodge a complaint with a supervisory authority. Because we hold almost no data tied to identifiable individuals, most requests will return "we do not hold this." Contact privacy@keyrotate.dev to exercise these rights.
International transfers
The website is served via Netlify's global CDN; requests may be processed in the country closest to you. Email is processed via standard transactional providers in the US.
Children
keyrotate is a developer security tool and is not directed at children under 13. We do not knowingly collect data from children.
Changes
We may update this policy. Material changes will be reflected in the "Last reviewed" date at the top and announced via the GitHub repository.