← Back to Home

Privacy Policy

Last updated: June 8, 2026

1. Introduction

CloudOptix ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud cost optimization platform and website (collectively, the "Service").

By accessing or using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Password (stored in hashed form)
  • Organization name (if provided)

2.2 Cloud Account Credentials

To provide cost optimization services, we require read-only access credentials to your cloud provider accounts (AWS, GCP, Azure). These credentials are encrypted using AES-256 encryption at rest and are never used to modify your infrastructure.

2.3 Usage and Cost Data

We collect cloud resource metadata, usage metrics, and billing data from your connected cloud accounts. This data is used solely to generate cost optimization recommendations and is not shared with third parties.

2.4 Interaction Data

We collect chat conversations with our AI assistant, user preferences, and feedback to improve recommendation quality. Conversation data is stored per-user and not shared across accounts.

2.5 Automatically Collected Information

When you visit our website, we may automatically collect:

  • IP address and browser type
  • Pages visited and time spent
  • Referring URL and device information

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Generate personalized cost optimization recommendations
  • Power the AI assistant with context about your infrastructure
  • Detect and prevent anomalous spending patterns
  • Send transactional emails (account updates, alerts)
  • Respond to support requests
  • Analyze usage trends to improve the platform

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information only in these circumstances:

  • AI Service Providers: We use third-party AI providers (for natural language processing only). No cloud credentials or raw billing data is sent to these providers.
  • Infrastructure Providers: We use MongoDB Atlas for data storage and Vercel for hosting, subject to their respective privacy policies.
  • Legal Requirements: We may disclose information if required by law, regulation, or legal process.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.

5. Data Security

We implement industry-standard security measures including:

  • AES-256 encryption for cloud credentials at rest
  • TLS 1.2+ encryption for all data in transit
  • JWT-based authentication with secure token handling
  • Read-only access to cloud accounts (we never modify your resources)
  • Regular security reviews and dependency updates

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your account data for as long as your account is active. Cloud cost data is retained for up to 12 months to enable trend analysis. Chat conversation history is retained for 90 days. You may request deletion of your data at any time by contacting us.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability (receive your data in a structured format)
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@cloudoptix.dev.

8. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies. You may configure your browser to refuse cookies, but some features of the Service may not function properly.

9. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us so we can delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

privacy@cloudoptix.dev