• Pricing
© 2026 Serverless, Inc. All rights reserved.

Framework

  • Overview
  • Documentation
  • Plugins360
  • Pricing

Learn

  • Blog
  • GuidesUpdated
  • Examples240
  • Courses

Resources

  • Support
  • Security
  • Trust Center
  • Status

Community

  • Slack
  • GitHub47k
  • Forum
  • Meetups

Company

  • About
  • Careers
  • Contact
  • Partners

Legal

  • Terms of Service
  • Privacy Policy
  • Trademark
  • DMCA

Privacy Policy

Last updated: December 1, 2025

1. Introduction

Serverless, Inc. ("Serverless," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website at serverless.com, our cloud services, and any related products or services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

2. Information We Collect

2.1 Personal Data Provided by Customers

When you sign up for or use our Services, we may collect the following personal data:

  • Name and contact information (email address, phone number, mailing address)
  • Account credentials (username and password)
  • Billing and payment information
  • Company name and job title
  • Any other information you choose to provide to us

2.2 Usage Data

We automatically collect certain information when you access and use our Services, including:

  • Access times and dates
  • Pages visited and features used
  • Frequency of use
  • Browser type and version
  • Operating system
  • IP address
  • Referring URLs

2.3 Aggregate Data

We may create anonymized and aggregated data derived from your use of the Services ("Aggregate Data"). Aggregate Data does not identify you personally and may be used by Serverless for any lawful business purpose, including analyzing usage trends and improving our Services.

2.4 Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to collect information about your browsing activity. See Section 11 for more details on cookies and analytics.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and maintaining the Services. We process your personal data to deliver, operate, and support the Services you have requested.
  • Improving our Services. We analyze usage patterns and performance data to enhance functionality, reliability, and user experience.
  • Performance monitoring. We monitor the performance and usage of our Services to ensure uptime, identify issues, and optimize delivery.
  • Analytics. We use analytics tools to understand how users interact with our website and Services.
  • Communications. We may send you service-related notices, updates, security alerts, and administrative messages. With your consent, we may also send marketing communications.
  • Compliance and legal obligations. We process data as necessary to comply with applicable laws, regulations, and legal requests.

4. Data Processing

4.1 Roles and Responsibilities

When we process personal data on behalf of our customers in connection with the Services, the customer acts as the Data Controller and Serverless acts as the Data Processor. This means that the customer determines the purposes and means of processing personal data, while Serverless processes that data only in accordance with the customer's documented instructions.

4.2 Instructions-Based Processing

As a Data Processor, Serverless processes personal data solely based on the documented instructions of the Data Controller (our customer). We do not process personal data for our own purposes beyond what is necessary to provide the Services and as described in this Privacy Policy.

4.3 Purpose Limitation

Personal data collected and processed through our Services is used only for the specific purposes outlined in this Privacy Policy and in our agreements with customers. We do not use personal data for purposes incompatible with those for which it was originally collected.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption. Personal data is encrypted both in transit and at rest using industry-standard encryption protocols.
  • Access control. Access to personal data is restricted through user identification and password-based authentication on a need-to-know basis. Only authorized personnel with a legitimate business need may access personal data.
  • Logging and monitoring. We maintain logs of access to and activity within our systems and monitor for unauthorized or suspicious activity.
  • Regular security assessments. We conduct regular security assessments to evaluate and improve the effectiveness of our security measures.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining strong protections.

6. Data Breach Notification

In the event of a data breach that affects your personal data, Serverless will notify the affected customer within 24 hours of becoming aware of the breach.

The notification will include, to the extent available:

  • A description of the nature of the breach
  • The categories and approximate number of data subjects affected
  • The categories and approximate number of personal data records affected
  • A description of the likely consequences of the breach
  • A description of the measures taken or proposed to address the breach, including measures to mitigate any adverse effects

We will cooperate with affected customers and relevant authorities to investigate and resolve the breach promptly.

7. Sub-processors

7.1 Authorization

Serverless may engage third-party sub-processors to assist in providing the Services. By using our Services, customers provide general authorization for Serverless to engage sub-processors, subject to the commitments described in this section.

7.2 List of Sub-processors

We maintain a current list of sub-processors that process personal data on our behalf. This list is available upon request by contacting us at the address provided in Section 15.

7.3 Change Notification

We will notify customers of any changes to the list of sub-processors, including the addition or replacement of sub-processors. Customers will be given the opportunity to review and, where applicable, raise objections to such changes in accordance with the terms of their agreement with Serverless.

8. Your Rights

Depending on your location and applicable data protection laws, you may have certain rights regarding your personal data, including the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete personal data
  • Delete your personal data, subject to certain exceptions
  • Restrict the processing of your personal data
  • Object to the processing of your personal data
  • Data portability to receive your personal data in a structured, commonly used, and machine-readable format
  • Withdraw consent where processing is based on your consent

Serverless assists customers in fulfilling data subject rights requests and in conducting data protection impact assessments as required by applicable law.

To exercise any of these rights, please contact us using the information provided in Section 15. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

9. Data Location

Personal data processed through our Services is stored and processed in the United States. By using our Services, you acknowledge and consent to the transfer and processing of your personal data in the United States.

If you are located outside the United States, please be aware that the data protection laws in the United States may differ from those in your jurisdiction. We take appropriate measures to ensure that your personal data receives an adequate level of protection regardless of where it is processed.

10. Data Retention and Deletion

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

10.1 Termination Obligations

Upon termination of the agreement between Serverless and a customer, Serverless will, at the customer's choice, either:

  • Return all personal data to the customer, or
  • Delete all personal data in its possession

This will be carried out within a reasonable timeframe following termination, unless applicable law requires further retention.

10.2 Retention Required by Law

In certain cases, we may be required by law to retain personal data for a specified period. In such cases, we will retain the data only for as long as legally required and will apply appropriate safeguards during the retention period.

11. Cookies and Analytics

11.1 Cookies

Our website uses cookies, which are small text files stored on your device, to enhance your browsing experience. Cookies help us recognize your browser, remember your preferences, and understand how you interact with our website.

11.2 Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, to analyze website traffic and usage patterns. Google Analytics collects information such as:

  • Pages visited and time spent on each page
  • Referring website or source
  • Browser type and device information
  • Geographic location (at a general level)
  • Interactions with website features

Google Analytics uses cookies to collect this information. The data collected is aggregated and used to understand website usage trends, improve our content, and optimize user experience. You can learn more about how Google processes your data by visiting Google's Privacy Policy. You may opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

11.3 Managing Cookies

Most web browsers allow you to manage cookie preferences through their settings. You can choose to block or delete cookies, though doing so may affect the functionality of our website.

12. Third-Party Links

Our website and Services may contain links to third-party websites, products, or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party websites you visit. This Privacy Policy applies only to information collected by Serverless through our own website and Services.

13. Children's Privacy

Our Services are not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe that a child under 13 has provided personal data to us, please contact us using the information in Section 15.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.

For material changes, we will provide notice through our website or by other means as required by applicable law.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Serverless, Inc. 522 San Anselmo Avenue San Anselmo, CA 94960

Email: privacy@serverless.com