Privacy Policy

Last updated: December 06, 2025

1. Introduction

Cloudventory ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AWS resource inventory and monitoring service ("Service").

By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you create an account:

  • Email address (required for account creation and communication)
  • First and last name (optional, for personalization)
  • Organization name
  • Password (stored as a hashed value using Argon2)
  • Timezone preference

2.2 AWS Credentials and Resource Data

To provide our Service, we collect:

  • AWS access credentials (Access Key ID and Secret Access Key)
  • AWS Account IDs and aliases
  • AWS resource metadata (EC2 instances, S3 buckets, RDS databases, Lambda functions, IAM resources, VPCs, Security Groups, EBS volumes)
  • AWS resource tags and configurations
  • Resource relationships and network topology

Security Note: AWS credentials are encrypted at rest using Fernet encryption with industry-standard keys.

2.3 Usage Data

We automatically collect certain information when you use the Service:

  • Log data (IP addresses, browser type, pages visited, timestamps)
  • Session cookies (for authentication)
  • Feature usage analytics
  • Scan history and frequency

2.4 Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or payment details on our servers. Stripe processes and stores payment information according to their Privacy Policy.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Scan and monitor your AWS resources
  • Generate insights and recommendations about your infrastructure
  • Authenticate your identity and prevent unauthorized access
  • Process subscription payments and manage billing
  • Send administrative emails (account verification, password resets, security alerts)
  • Respond to customer support requests
  • Improve and optimize the Service
  • Detect and prevent fraud or security incidents
  • Comply with legal obligations

4. Data Storage and Security

4.1 Data Location

Your data is stored on secure servers located in the United States. We use industry-standard cloud hosting providers with SOC 2 Type II compliance.

4.2 Security Measures

We implement robust security measures to protect your data:

  • AWS credentials encrypted at rest with Fernet encryption
  • Passwords hashed using Argon2 (OWASP recommended)
  • HTTPS/TLS encryption for all data in transit
  • Multi-factor authentication (MFA) available for all accounts
  • Regular security audits and vulnerability scanning
  • Tenant isolation (organization-level data separation)
  • Role-based access control (RBAC)
  • Automated secrets scanning (Gitleaks, Bandit, Semgrep)

4.3 Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Resource scan data is retained for historical tracking and trend analysis.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: Stripe for payment processing
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)
  • Consent: With your explicit consent for any other purpose

We never share your AWS credentials or resource data with third parties for marketing or analytics purposes.

6. Cookies and Tracking

We use cookies for the following purposes:

  • Authentication: Session cookies to keep you logged in
  • CSRF Protection: Security tokens to prevent cross-site request forgery
  • Analytics: PostHog (privacy-friendly product analytics, used to understand feature usage and improve the Service)

We do not use third-party advertising cookies or tracking pixels. You can configure your browser to refuse cookies, but this may limit Service functionality.

7. Your Privacy Rights

7.1 GDPR Rights (EU Users)

If you are located in the European Economic Area (EEA), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (30-day GDPR-compliant process)
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing of your data
  • Right to Withdraw Consent: Withdraw consent at any time

7.2 CCPA Rights (California Users)

If you are a California resident, you have the right to:

  • Know what personal information we collect
  • Request deletion of your personal information
  • Opt-out of the sale of personal information (we do not sell your information)
  • Non-discrimination for exercising your privacy rights

7.3 Account Deletion

You may request account deletion at any time from your profile settings. Upon deletion:

  • Your account is immediately deactivated
  • A 30-day grace period allows you to cancel the deletion request
  • After 30 days, all personal data and AWS credentials are permanently deleted
  • Anonymized usage data may be retained for analytics

8. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and other countries.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this Privacy Policy periodically. Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: privacy@cloudventory.io
Subject Line: Privacy Request

We will respond to privacy requests within 30 days as required by applicable law.

← Back to Registration