legal
Privacy policy
Verklet runs Node and supported Python code in your visitors' browsers by default and can promote workloads to a managed server runtime when the project enables that path. This page explains what data each mode collects and what we do with it.
Last updated · 2026-05-20
What the website collects
When you visit verklet.com we record standard request logs — IP address, user agent, referrer, requested path, timestamp — kept for up to thirty days for abuse detection and capacity planning.
We also use Google Tag Manager on the marketing site to load and manage analytics and advertising tags, including Google Analytics, Google Ads, and Reddit Ads where enabled. These tools help us understand aggregate website traffic, measure marketing performance, and attribute ad conversions. They may process information such as page URL, referrer, approximate location derived from IP address, device and browser details, interaction events, and advertising or analytics identifiers where your browser and consent settings allow them.
What the SDK collects
@verklet/sdk executes in the visitor's tab. When it boots, it may send a usage ping with your public project ID, SDK version, origin, and a random browser installation ID. We use that to serve compatible runtime assets and package registry URLs, and to compute Monthly Active Browsers.
Usage pings can happen on each boot. Billing and dashboard reporting deduplicate them server-side, so one browser reloading the runtime many times in a month still counts as one MAB. We do not fingerprint, IP-track, or correlate browser installation IDs across origins — see pricing for the mechanics.
Where runtime data lives
Browser-runtime files the SDK writes — projects, package caches, user output — live in the Origin Private File System (OPFS) of the page that booted the runtime. OPFS is sandboxed per origin: another website can't read it, and we can't read it either. Clearing site data in the browser deletes it.
Server-runtime sessions are different. When you use the server backend, Verklet may receive a workspace snapshot, mounted files, commands, stdout/stderr, exit codes, preview requests, workspace identifiers, quota events, and usage metadata needed to run the session, enforce limits, debug failures, and report usage.
We also store server-runtime policy and grant telemetry: allowed origins, server-runtime enablement, public minting status, private grant-secret hashes, grant attempts, grant denials, suspension state, budget caps, and coarse usage events. We use this to decide whether a browser or backend is allowed to create, connect to, or delete a server workspace.
If you build a product on top of Verklet that uploads files or sends code to the server runtime, that is your product's behaviour too and should be covered by your product's privacy disclosure.
Cookies
The marketing site uses strictly-necessary cookies for site operation and may use analytics or advertising cookies through Google Tag Manager, Google Analytics, Google Ads, and Reddit Ads. These cookies can help distinguish visits, remember attribution information, measure conversions, and improve ad reporting. You can control cookies through your browser settings and, where available, through the consent controls shown on the website.
Third parties we share with
Hosting, CDN delivery, and server-runtime infrastructure providers necessarily see request metadata and may process runtime session data when server execution is enabled. Email vendors see message content when you contact us. Google and Reddit may receive website usage and advertising measurement data through Google Tag Manager, Google Analytics, Google Ads, and Reddit Ads. We use that data for analytics, ad measurement, and conversion reporting. We don't sell data to advertisers or marketing brokers.
Your rights
If you believe we hold information about you and you want a copy of it, a correction, or for us to delete it, write to [email protected]. We aim to respond within fourteen days.
Changes to this policy
When we change this policy materially we update the "last updated" date at the top of the page and announce the change on the website. We don't re-issue notifications for typo fixes or clarifying edits.