Introduction
CloudAct.ai ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
Information We Collect
We collect information that you provide directly to us, including:
- Account information (name, email, company)
- Cloud provider credentials (securely encrypted)
- Usage data and cost information
- Payment information (processed by Stripe)
API Keys and Credentials
When you provide API keys or credentials:
- They are encrypted using industry-standard AES-256 encryption at rest
- They are transmitted only over TLS 1.3 encrypted connections
- You are solely responsible for the permission scope of credentials you provide
- You should use the minimum permissions necessary (read-only recommended)
How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Process transactions and send related information
- Send technical notices and support messages
- Monitor and analyze trends and usage
Data Security
We implement industry-standard security measures to protect your data, including encryption at rest and in transit, regular security audits, and SOC 2 Type II compliance.
Data Breach Disclaimer
While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. CloudAct.ai assumes zero liability for any data leaks, security breaches, or unauthorized access arising from:
- Your use of credentials with write or administrative permissions instead of read-only access
- Third-party cloud providers, services, or integrations
- Cyberattacks, hacking, or malicious activities beyond our reasonable control
- Your failure to maintain adequate security practices for your own systems
- Compromise of credentials on your end before transmission to our platform
You acknowledge and agree that you provide credentials and data at your own risk, and we strongly encourage the use of read-only credentials to minimize potential exposure in any security event.
Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Your Rights
Depending on your location, you may have certain rights regarding your personal information, including the right to access, correct, delete, or port your data. Contact us to exercise these rights.
Third-Party Services
Our platform integrates with third-party cloud providers (AWS, Azure, GCP), GenAI providers (OpenAI, Anthropic, Google), and other services. We are not responsible for the privacy practices of these third parties. Your use of third-party services is subject to their respective privacy policies.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the platform, you consent to such transfers. We implement appropriate safeguards for international data transfers in compliance with applicable laws.
Children's Privacy
Our platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page with an updated "Last updated" date. Your continued use of the platform after any changes constitutes your acceptance of the modified policy.