Privacy Policy

1. Information we collect

We only collect the information needed to analyze your cloud infrastructure and support your account:

• Account details: email address and password hash.
• Cloud credentials: API keys and access tokens stored securely using AES-256-GCM encryption at rest.
• Infrastructure data: Resource configurations, costs, and usage metrics from your cloud providers.
• Billing metadata: customer identifiers, payment details, and invoices via Stripe.

2. How we use your data

Data is processed exclusively to provide, secure, and improve the service:

• Authenticate users and maintain session security.
• Analyze cloud infrastructure to generate cost savings recommendations.
• Send account notifications and analysis completion alerts.
• Process payments and manage subscriptions with Stripe.

3. Data sharing & retention

• We never sell your data. Access is limited to authorized team members on a need-to-know basis.
• Cloud credentials are encrypted at rest and never shared with third parties.
• Customer data is retained while your account remains active. Upon cancellation we archive for 90 days, then delete.
• Payment data is handled directly by Stripe; we store only references to Stripe Customer IDs.

4. Your rights

• Request a copy of your data or ask us to update incorrect information.
• Export analysis reports and billing history at any time.
• Deactivate an account and permanently delete data (subject to legal retention requirements).
• Contact us at privacy@cloudrepatriationtool.com for any privacy questions.

5. Updates to this policy

When we make changes, we will update the effective date and notify users via email. Material changes may also appear as in-app notifications.

Have a concern? Reach out through our contact page and we'll respond within one business day.