Privacy Policy

Last updated: October 2025

Your Privacy Matters: This Privacy Policy explains how cloudCostAI collects, uses, stores, and protects your personal information. We are committed to transparency and compliance with GDPR, CCPA, and other applicable data protection laws.

1. Introduction

cloudCostAI ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud cost optimization service.

Please read this Privacy Policy carefully. By using cloudCostAI, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

cloudCostAI is the data controller responsible for your personal data. You can contact us at:

3. Information We Collect

3.1 Information You Provide Directly

Account Information

When you create an account, we collect:

  • Email address (required for authentication)
  • Password (encrypted and stored securely via Supabase Auth)
  • Name or display name (if provided)
  • Company name (optional)

Billing Information

For paid subscriptions, we collect:

  • Billing name and address
  • Payment information (processed securely by Stripe; we do not store full credit card details)
  • Tax identification numbers (if required by law)

Uploaded Files and Data

When you use the Service, you upload:

  • Cloud billing files (AWS, Azure, GCP)
  • Infrastructure configuration files (Terraform, Kubernetes, Docker Compose)
  • Any technical data contained within these files

Note: You are responsible for ensuring that uploaded files do not contain personal data of third parties without proper consent.

Communications

We collect information when you:

  • Contact our support team
  • Participate in surveys or provide feedback
  • Subscribe to our newsletters or marketing communications

3.2 Information Collected Automatically

Usage Data

We automatically collect:

  • Pages visited and features used
  • Time and date of access
  • Analysis history (file types analyzed, dates, results summary)
  • Session duration and frequency of use

Technical Data

We collect:

  • IP address
  • Browser type and version
  • Operating system
  • Device information
  • Referral URLs

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. See our Cookie Policy for detailed information about the cookies we use and how to manage them.

4. How We Use Your Information

We use your information for the following purposes:

4.1 To Provide the Service

  • Create and manage your account
  • Process and analyze your uploaded files using AI
  • Generate cost optimization recommendations
  • Store your analysis history
  • Provide customer support

4.2 To Process Payments

  • Process subscription payments and billing
  • Manage invoices and payment history
  • Detect and prevent fraud

4.3 To Improve the Service

  • Analyze usage patterns to improve features
  • Conduct research and development
  • Test new features and functionality
  • Monitor and analyze performance metrics

4.4 To Communicate With You

  • Send service-related notifications (e.g., analysis completion, account changes)
  • Respond to your inquiries and support requests
  • Send marketing communications (with your consent)
  • Notify you of updates, new features, or changes to our terms

4.5 For Security and Legal Compliance

  • Detect, prevent, and address fraud or security issues
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Protect our rights and the rights of others

4.6 AI Processing

Your uploaded files are processed using OpenAI's GPT-4o API to generate optimization recommendations. The content of your files is sent to OpenAI solely for analysis purposes and is subject to OpenAI's data processing terms.

Important: We do not use your specific uploaded data to train our AI models or for purposes other than providing the Service to you.

6. Data Sharing and Third Parties

We do not sell your personal data. We share your information only in the following circumstances:

6.1 Service Providers

We work with trusted third-party service providers who process data on our behalf:

  • Supabase: Authentication, database, and file storage
  • OpenAI: AI-powered analysis of uploaded files (GPT-4o API)
  • Stripe: Payment processing
  • Vercel: Hosting and infrastructure
  • Email Service Providers: For transactional and marketing emails

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

6.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

6.4 Aggregated or Anonymized Data

We may share aggregated or anonymized data that cannot be used to identify you for research, marketing, or analytical purposes.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy:

7.1 Active Accounts

  • Account Data: Retained while your account is active
  • Uploaded Files: 90 days from upload date (configurable by plan)
  • Analysis Results: Duration of subscription plus 30 days
  • Usage Logs: 12 months for security and analytics

7.2 Closed Accounts

  • Account Data: Deleted within 30 days of account closure
  • Billing Records: Retained for 7 years for tax and legal compliance
  • Support Communications: Retained for up to 3 years

7.3 Manual Deletion

You can delete your uploaded files and analyses at any time through your account settings. Account deletion can be requested by contacting us.

8. Data Security

We implement industry-standard security measures to protect your personal data:

8.1 Technical Safeguards

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest
  • Authentication: Secure authentication via Supabase with password hashing
  • Access Controls: Role-based access to data and systems
  • Monitoring: Continuous monitoring for security threats
  • Regular Audits: Periodic security assessments and vulnerability testing

8.2 Organizational Safeguards

  • Data minimization principles
  • Employee training on data protection
  • Confidentiality agreements with staff and contractors
  • Incident response procedures

8.3 Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

8.4 Limitations

While we take reasonable precautions, no method of transmission or storage is 100% secure. You use the Service at your own risk.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

9.1 GDPR Rights (EEA Users)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for processing at any time
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

9.2 CCPA Rights (California Residents)

  • Right to Know: What personal information we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
  • Right to Non-Discrimination: Equal service regardless of exercising your rights

9.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. These countries may have different data protection laws.

We ensure appropriate safeguards are in place for international data transfers, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by data protection authorities
  • Compliance with Privacy Shield principles (where applicable)

Our primary service providers (Supabase, Vercel, OpenAI, Stripe) comply with GDPR and international data transfer requirements.

11. Children's Privacy

cloudCostAI is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16.

If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible.

If you believe we have collected information from a child under 16, please contact us immediately at cloudcostAI.management@hotmail.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you via email (to the address associated with your account)
  • Display a prominent notice on the Service

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

cloudCostAI Data Protection

Email: cloudcostAI.management@hotmail.com

Please include "Privacy Request" in your subject line for faster processing.

This Privacy Policy is effective as of the "Last updated" date above. Your trust is important to us, and we are committed to protecting your privacy.