Privacy Policy

Last updated: April 25, 2026

1. Information We Collect

Account data: Name, email address, company name, and password (stored as a bcrypt hash — we never store plaintext passwords).

AWS cost data: Cost records, service usage metrics, and region data accessed via read-only IAM cross-account roles that you explicitly configure.

Payment data: Processed entirely by Stripe and Razorpay. We never store, see, or have access to your credit card numbers or bank details.

Usage data: Pages visited, features used, and session duration for product improvement. No third-party tracking cookies.

2. How We Use Your Data

  • Provide cost analysis, anomaly detection, and optimization recommendations
  • Generate AI-powered insights using your aggregated cost metrics (not raw data)
  • Send alerts and notifications you configure (email, Slack)
  • Process subscription payments through Stripe or Razorpay
  • Improve our anomaly detection algorithms using anonymized, aggregated patterns
  • Communicate product updates and security notices

3. Data Storage & Security

Your data is stored in PostgreSQL databases hosted on Supabase with encryption at rest (AES-256). All connections use TLS 1.3. API keys provided by you (Gemini, OpenAI) are encrypted before storage and masked in all UI displays.

  • Encryption at Rest: AES-256
  • Encryption in Transit: TLS 1.3
  • Password Hashing: bcrypt (10 rounds)

4. AI & Machine Learning

When you configure an AI provider (Google Gemini, OpenAI), only aggregated cost summaries are sent for analysis — never raw data, credentials, or personally identifiable information. Your AI API key is stored encrypted and used exclusively for your organization's analysis. We do not train our own models on your individual data.

5. Third-Party Services

  • Supabase: Database hosting
  • Stripe: Payment processing
  • Razorpay: Payment processing (India)
  • Resend: Transactional email
  • Vercel: Application hosting
  • Google Gemini / OpenAI: AI analysis (user-configured)

6. Data Retention

  • Free: 30 days
  • Pro: 90 days
  • Enterprise: 365 days

Account data is retained until you delete your account. After deletion, all data is permanently purged within 30 days.

7. Your Rights

  • Export: Download your data at any time from Settings
  • Delete: Request complete account and data deletion
  • Update: Modify your personal information in Settings
  • Opt-out: Unsubscribe from marketing emails (you cannot opt out of transactional emails)
  • Access: Request a copy of all data we hold about you

8. Cookies

We use only essential cookies: an authentication session cookie (JWT) and a demo mode preference cookie. We do not use advertising, analytics, or third-party tracking cookies.

9. Contact

For privacy concerns or data requests, contact our privacy team at privacy@cloudcostiq.com or through our Contact page. We respond to all privacy requests within 72 hours.