Spawner publisher policy.
Privacy Policy · Spawner
Effective July 13, 2026
Summary
Spawner keeps provider credentials local, uses them only for user-requested operations, and does not operate a credential relay.
Credentials
Spawner stores Cloudflare OAuth credentials in the operating system credential store. Credentials are not written to the repository, spawner.toml, deployment plans, logs, or command output.
Cloudflare receives authorization and API requests directly from the installed Spawner CLI. Stepworld does not operate a credential relay for this OAuth client.
Repository and project data
Spawner inspects repository structure and approved configuration on the user's machine. It sends only the API data required to create, validate, or remove resources that the user requested.
Revocation and deletion
Users can revoke Spawner from Cloudflare at any time and remove the local credential through Spawner. Resource deletion remains ownership-validated and explicit.