Privacy Policy

Last updated: January 3, 2025

1. Introduction

CloudPruneAI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AWS cost optimization service.

2. Information We Collect

2.1 Account Information

  • Email address
  • Name (optional)
  • Company name (optional)
  • Payment information (processed securely by Stripe)

2.2 AWS Account Data

When you connect your AWS account, we collect read-only metadata about your infrastructure, including:

  • EC2 instance configurations and CloudWatch metrics
  • EBS volume information and utilization data
  • S3 bucket metadata and storage class information
  • Cost and usage data from AWS Cost Explorer
  • Resource tags and identifiers

Important: We never access, store, or process the actual content of your data (e.g., files in S3 buckets, data in databases). We only analyze metadata and configuration information.

3. How We Use Your Information

We use the collected information to:

  • Analyze your AWS infrastructure for cost optimization opportunities
  • Generate personalized CDK code recommendations
  • Calculate and verify actual savings
  • Send you scan results, alerts, and reports
  • Process payments and manage your subscription
  • Improve our service and develop new features
  • Provide customer support

4. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit using TLS 1.3
  • Data at rest is encrypted using AES-256
  • We use AWS IAM roles with minimum required permissions (read-only)
  • External IDs are used to prevent confused deputy attacks
  • We never store AWS credentials; we use cross-account IAM roles
  • Regular security audits and vulnerability assessments

5. Data Sharing and Location

We do not sell your data. All data is processed and stored in AWS US regions (us-east-1). We may share information with:

  • Service Providers: Stripe (payments), Auth0 (authentication), AWS (infrastructure)
  • AI Providers: Anthropic (Claude API) for generating CDK code - only anonymized infrastructure patterns are shared. Important: Anthropic operates a zero data retention policy for API usage, meaning your data is not stored or used for training
  • Legal Requirements: When required by law or to protect our rights

6. Data Retention

We retain scan results and recommendations for 90 days. Account information is retained as long as your account is active. You can request deletion of your data at any time by contacting us.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data
  • Disconnect your AWS account at any time
  • Opt out of marketing communications

8. Cookies

We use essential cookies for authentication and session management. We may use analytics cookies to improve our service. You can control cookie preferences through your browser settings.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our service. Your continued use of CloudPruneAI after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@cloudpruneai.com