Effective date: 2026-06-03
Vega Cache is a verifiable Nix binary cache operated by Ad Astra Computing Inc. It is free to use. This policy describes what data Vega processes and why.
vega login, and the Vega GitHub App.privacy.continent: false in vega.yaml to opt out, after which you are recorded as unknown and excluded from every geographic aggregate.Vega's purpose is verifiability, so attestations are public. The append-only RFC 9162 transparency log, per-output /status pages, shared-tier signatures, and the aggregate, k-anonymous Network Health view are all public. An attestation records the build's provenance, output hashes, builder identity, and continent.
No precise location or IP is retained for the social graph (continent only). OIDC tokens are verified and not stored. CI authenticates with short-lived OIDC, with no long-lived stored secret. There is no advertising or behavioral tracking.
Vega relies on a small set of third parties to operate the cache. The current list, with the purpose and data handled by each, is published at /subprocessors.
Rotate your view token at any time (this instantly revokes the old one), revoke trust edges, opt out of continent publication, and note that vega push artifacts live only in your own tenant namespace.
Vega is not an AI system; there is no model in its trust, signing, or moderation path.
Security and privacy: security@adastracomputing.com. General: vega@adastracomputing.com.